Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiAndrea Micalizzi (rgod)ZDI-15-452
HistorySep 29, 2015 - 12:00 a.m.

(0Day) Moxa OnCell Central Manager Server MessageBrokerServlet Authentication Bypass Vulnerability

2015-09-2900:00:00
Andrea Micalizzi (rgod)
www.zerodayinitiative.com
14

EPSS

0.216

Percentile

96.5%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Moxa OnCell Central Manager Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MessageBrokerServlet servlet, which does not ensure a user is authenticated prior to accepting commands. An attacker can exploit this condition to perform various actions, including addUserAndGroup, to take full control of the product and achieve code execution on all managed hosts.

Related

nvd 1
prion 1
cvelist 1
cve 1
ics 1
nvd
nvd
CVE-2015-6480
2015-12-21 11:59:05
prion
prion
Authentication flaw
2015-12-21 11:59:00
cvelist
cvelist
CVE-2015-6480
2015-12-21 11:00:00
cve
cve
CVE-2015-6480
2015-12-21 11:59:05
ics
ics
Moxa OnCell Central Manager Vulnerabilities
2018-08-27 12:00:00

EPSS

0.216

Percentile

96.5%

JSON
Related for ZDI-15-452
nvd1prion1cvelist1cve1ics1