3 matches found
CVE-2015-6480
The MessageBrokerServlet servlet in Moxa OnCell Central Manager before 2.2 does not require authentication, which allows remote attackers to obtain administrative access via a command, as demonstrated by the addUserAndGroup action...
CVE-2015-6480
The CVE-2015-6480 entry concerns Moxa OnCell Central Manager (pre-2.2). The vulnerable component is the MessageBrokerServlet, which does not require authentication, enabling remote attackers to gain administrative access by issuing commands such as addUserAndGroup. This authentication bypass is t...
Moxa OnCell Central Manager Vulnerabilities
OVERVIEW NCCIC/ICS-CERT received a report from HP’s Zero Day Initiative ZDI concerning hardcoded credentials and authentication bypass vulnerabilities in Moxa’s OnCell Central Manager Software. These vulnerabilities were reported to ZDI by security researcher Andrea Micalizzi. Moxa has released a...