Mxsecurity Security Vulnerabilities and Issues — Mxsecurity CVE List

MoxaMxsecurity

9 matches found

CVE•added 2023/05/22 6:40 a.m.•82 views

CVE-2023-33236

CVE-2023-33236 affects Moxa MXsecurity Series software v1.0, where a vulnerability involving hard-coded credentials could be exploited to craft arbitrary JWT tokens and bypass authentication for web-based APIs. The issue enables remote exploitation with low attack complexity and no user interacti...

9.8CVSS9.7AI score0.00973EPSS

CVE•added 2023/09/02 12:37 p.m.•79 views

CVE-2023-39983

Affected software: MXsecurity (nsm-web UI) prior to v1.0.1. What is vulnerable: A vulnerability allowing an unauthenticated remote attacker to register or add devices via the nsm-web application, potentially polluting the MXsecurity sqlite database. Root cause / details: Documented across multipl...

5.3CVSS5.4AI score0.0048EPSS

CVE•added 2023/05/22 5:38 a.m.•58 views

CVE-2023-33235

CVE-2023-33235 affects Moxa MXsecurity Series software v1.0, where the SSH CLI component is vulnerable to command injection. An attacker with authorization could break out of the restricted shell and execute arbitrary code. Mitigation/patch: upgrade to MXsecurity v1.0.1 or higher (per CISA ICSA a...

8.8CVSS8.3AI score0.01456EPSS

CVE•added 2024/10/18 8:21 a.m.•57 views

CVE-2024-4740

CVE-2024-4740 concerns MXsecurity software, affected in versions v1.1.0 and prior. The root cause cited is the use of hard-coded credentials, enabling an attacker to tamper with sensitive data. Public details explicitly cover impact as data tampering; no exploit status or in‑the‑wild details are ...

7.5CVSS5.5AI score0.00274EPSS

CVE•added 2023/09/02 12:31 p.m.•55 views

CVE-2023-39982

MXsecurity versions prior to v1.0.1 contain a hard-coded SSH host key that may allow man-in-the-middle attacks and decryption of SSH traffic, compromising confidentiality and integrity. The issue affects the MXsecurity platform’s SSH communications on affected devices. Remediation acknowledged in...

7.5CVSS6.1AI score0.00369EPSS

CVE•added 2023/09/02 12:5 p.m.•52 views

CVE-2023-39979

MXsecurity versions prior to 1.0.1 contain an authentication bypass vulnerability due to insufficient randomness in the Web Services Validator/authenticator component. The issue allows remote attackers to bypass authentication and potentially access the system when the web service authenticator u...

9.8CVSS9.4AI score0.0074EPSS

CVE•added 2023/09/02 12:25 p.m.•51 views

CVE-2023-39981

MXsecurity is vulnerable in versions prior to 1.0.1 due to inadequate authentication, enabling a remote attacker to disclose device information. The CVE-2023-39981 description specifies unauthorized access as the risk, with the base CVSS v3.1 metrics indicating high impact on confidentiality and ...

7.5CVSS7.5AI score0.00618EPSS

CVE•added 2024/10/18 8:11 a.m.•47 views

CVE-2024-4739

The issue pertains to MOXA MXsecurity, affecting versions v1.1.0 and prior. Root cause: lack of access restriction to resources, enabling an attacker who has a valid authenticator to impersonate an authorized user and access the resource. Impact: confidentiality could be exposed (as per CVE metri...

7.5CVSS5.5AI score0.00345EPSS

CVE•added 2023/09/02 12:14 p.m.•44 views

CVE-2023-39980

CVE-2023-39980 affects MXsecurity prior to v1.0.1. The issue is SQL injection caused by improper neutralization of certain elements, enabling a remote attacker to alter SQL commands and disclose authenticated information. A fix is available: upgrade MXsecurity to v1.0.1 or later. Evidence from mu...

8.1CVSS7.3AI score0.00516EPSS