Vulnerabilities > Moxa > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-05 | CVE-2019-6524 | Improper Restriction of Excessive Authentication Attempts vulnerability in Moxa products Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via brute force attack. | 5.0 |
| 2019-03-05 | CVE-2019-6520 | Unspecified vulnerability in Moxa products Moxa IKS and EDS does not properly check authority on server side, which results in a read-only user being able to perform arbitrary configuration changes. | 5.0 |
| 2019-03-05 | CVE-2019-6518 | Missing Encryption of Sensitive Data vulnerability in Moxa products Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by someone with access to the device. | 5.0 |
| 2018-10-19 | CVE-2018-18394 | Cleartext Storage of Sensitive Information vulnerability in Moxa Thingspro 2.1 Sensitive Information Stored in Clear Text in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | 5.0 |
| 2018-10-19 | CVE-2018-18393 | Unspecified vulnerability in Moxa Thingspro 2.1 Password Management Issue in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | 5.0 |
| 2018-10-19 | CVE-2018-18392 | Unspecified vulnerability in Moxa Thingspro 2.1 Privilege Escalation via Broken Access Control in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | 6.5 |
| 2018-10-19 | CVE-2018-18391 | Unspecified vulnerability in Moxa Thingspro 2.1 User Privilege Escalation in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | 6.5 |
| 2018-10-19 | CVE-2018-18390 | Information Exposure vulnerability in Moxa Thingspro 2.1 User Enumeration in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | 5.0 |
| 2018-07-24 | CVE-2018-10632 | Resource Exhaustion vulnerability in Moxa products In Moxa NPort 5210, 5230, and 5232 versions 2.9 build 17030709 and prior, the amount of resources requested by a malicious actor are not restricted, allowing for a denial-of-service condition. | 5.0 |
| 2018-05-14 | CVE-2017-12127 | Insufficiently Protected Credentials vulnerability in Moxa Edr-810 Firmware 4.1 A password storage vulnerability exists in the operating system functionality of Moxa EDR-810 V4.1 build 17030317. | 4.4 |