Search criteria
9 vulnerabilities found for miineport_e1_firmware by moxa
FKIE_CVE-2023-28697
Vulnerability from fkie_nvd - Published: 2023-04-27 02:15 - Updated: 2024-11-21 07:55
Severity ?
Summary
Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to perform arbitrary system operation or disrupt service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| moxa | miineport_e1_firmware | 1.7.2 | |
| moxa | miineport_e1 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:moxa:miineport_e1_firmware:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D757A5B5-4CE5-4C69-912A-B0D5525450F2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:moxa:miineport_e1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08E72C6A-A107-4EB6-9692-C769DE9EEA17",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to perform arbitrary system operation or disrupt service."
}
],
"id": "CVE-2023-28697",
"lastModified": "2024-11-21T07:55:49.443",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "twcert@cert.org.tw",
"type": "Secondary"
}
]
},
"published": "2023-04-27T02:15:09.313",
"references": [
{
"source": "twcert@cert.org.tw",
"tags": [
"Release Notes"
],
"url": "https://cdn-cms.azureedge.net/Moxa/media/PDIM/S100000223/MiiNePort%20E1%20Series_moxa-miineport-e1-series-firmware-v1.9.rom_Software%20Release%20History.pdf"
},
{
"source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7021-eb43a-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://cdn-cms.azureedge.net/Moxa/media/PDIM/S100000223/MiiNePort%20E1%20Series_moxa-miineport-e1-series-firmware-v1.9.rom_Software%20Release%20History.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7021-eb43a-1.html"
}
],
"sourceIdentifier": "twcert@cert.org.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "twcert@cert.org.tw",
"type": "Secondary"
}
]
}
FKIE_CVE-2016-9344
Vulnerability from fkie_nvd - Published: 2017-02-13 21:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/94783 | Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94783 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| moxa | miineport_e1_firmware | * | |
| moxa | miineport_e2_firmware | * | |
| moxa | miineport_e3_firmware | * | |
| moxa | miineport_e1 | - | |
| moxa | miineport_e2 | - | |
| moxa | miineport_e3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:moxa:miineport_e1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5768CC53-4855-45C6-9FD0-C3603B2FBA7C",
"versionEndIncluding": "1.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:moxa:miineport_e2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E099C55B-0E6B-448E-A524-7D405261DC88",
"versionEndIncluding": "1.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:moxa:miineport_e3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD73B290-2AB0-4AAB-B9D6-E655181C88D0",
"versionEndIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:moxa:miineport_e1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08E72C6A-A107-4EB6-9692-C769DE9EEA17",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:moxa:miineport_e2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AACCDD37-C2D0-473A-ACE5-2B1246BF4712",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:moxa:miineport_e3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0017FB3-ADDC-477E-B4CD-4BFF1977CED0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files."
},
{
"lang": "es",
"value": "Ha sido descubierto un problema en Moxa MiiNePort E1 versiones anteriores a 1.8, E2 versiones anteriores a 1.4 y E3 versiones anteriores a 1.1. Un atacante puede ser capaz de forzar una cookie de sesi\u00f3n activa para poder descargar archivos de configuraci\u00f3n."
}
],
"id": "CVE-2016-9344",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-13T21:59:01.720",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94783"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-9346
Vulnerability from fkie_nvd - Published: 2017-02-13 21:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/94783 | Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94783 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| moxa | miineport_e1_firmware | * | |
| moxa | miineport_e2_firmware | * | |
| moxa | miineport_e3_firmware | * | |
| moxa | miineport_e1 | - | |
| moxa | miineport_e2 | - | |
| moxa | miineport_e3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:moxa:miineport_e1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5768CC53-4855-45C6-9FD0-C3603B2FBA7C",
"versionEndIncluding": "1.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:moxa:miineport_e2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E099C55B-0E6B-448E-A524-7D405261DC88",
"versionEndIncluding": "1.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:moxa:miineport_e3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD73B290-2AB0-4AAB-B9D6-E655181C88D0",
"versionEndIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:moxa:miineport_e1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08E72C6A-A107-4EB6-9692-C769DE9EEA17",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:moxa:miineport_e2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AACCDD37-C2D0-473A-ACE5-2B1246BF4712",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:moxa:miineport_e3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0017FB3-ADDC-477E-B4CD-4BFF1977CED0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted."
},
{
"lang": "es",
"value": "Ha sido descubierto un problema en Moxa MiiNePort E1 versiones anteriores a 1.8, E2 versiones anteriores a 1.4 y E3 versiones anteriores a 1.1. Los datos de configuraci\u00f3n son almacenados en un archivo que no est\u00e1 cifrado."
}
],
"id": "CVE-2016-9346",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-13T21:59:01.800",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94783"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-28697 (GCVE-0-2023-28697)
Vulnerability from cvelistv5 – Published: 2023-04-27 00:00 – Updated: 2025-01-31 18:53
VLAI?
Title
Moxa MiiNePort E1 - Broken Access Control
Summary
Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to perform arbitrary system operation or disrupt service.
Severity ?
9.8 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Moxa | MiiNePort E1 |
Affected:
1.7.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:43:23.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7021-eb43a-1.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://cdn-cms.azureedge.net/Moxa/media/PDIM/S100000223/MiiNePort%20E1%20Series_moxa-miineport-e1-series-firmware-v1.9.rom_Software%20Release%20History.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28697",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T18:53:01.649336Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T18:53:10.545Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MiiNePort E1",
"vendor": "Moxa",
"versions": [
{
"status": "affected",
"version": "1.7.2"
}
]
}
],
"datePublic": "2023-03-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to perform arbitrary system operation or disrupt service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-27T00:00:00.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7021-eb43a-1.html"
},
{
"url": "https://cdn-cms.azureedge.net/Moxa/media/PDIM/S100000223/MiiNePort%20E1%20Series_moxa-miineport-e1-series-firmware-v1.9.rom_Software%20Release%20History.pdf"
}
],
"solutions": [
{
"lang": "en",
"value": "Update MiiNePort E1 version to 1.8"
}
],
"source": {
"advisory": "TVN-202303002",
"discovery": "EXTERNAL"
},
"title": "Moxa MiiNePort E1 - Broken Access Control",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2023-28697",
"datePublished": "2023-04-27T00:00:00.000Z",
"dateReserved": "2023-03-21T00:00:00.000Z",
"dateUpdated": "2025-01-31T18:53:10.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9346 (GCVE-0-2016-9346)
Vulnerability from cvelistv5 – Published: 2017-02-13 21:00 – Updated: 2024-08-06 02:50
VLAI?
Summary
An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted.
Severity ?
No CVSS data available.
CWE
- Moxa MiiNePort Configuration data not encrypted
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Moxa MiiNePort |
Affected:
Moxa MiiNePort
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:37.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01"
},
{
"name": "94783",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94783"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Moxa MiiNePort",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Moxa MiiNePort"
}
]
}
],
"datePublic": "2017-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Moxa MiiNePort Configuration data not encrypted",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-14T10:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01"
},
{
"name": "94783",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94783"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-9346",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Moxa MiiNePort",
"version": {
"version_data": [
{
"version_value": "Moxa MiiNePort"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Moxa MiiNePort Configuration data not encrypted"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01"
},
{
"name": "94783",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94783"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-9346",
"datePublished": "2017-02-13T21:00:00",
"dateReserved": "2016-11-16T00:00:00",
"dateUpdated": "2024-08-06T02:50:37.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9344 (GCVE-0-2016-9344)
Vulnerability from cvelistv5 – Published: 2017-02-13 21:00 – Updated: 2024-08-06 02:50
VLAI?
Summary
An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files.
Severity ?
No CVSS data available.
CWE
- Moxa MiiNePort Session Hijack
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Moxa MiiNePort |
Affected:
Moxa MiiNePort
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:36.933Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01"
},
{
"name": "94783",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94783"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Moxa MiiNePort",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Moxa MiiNePort"
}
]
}
],
"datePublic": "2017-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Moxa MiiNePort Session Hijack",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-14T10:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01"
},
{
"name": "94783",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94783"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-9344",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Moxa MiiNePort",
"version": {
"version_data": [
{
"version_value": "Moxa MiiNePort"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Moxa MiiNePort Session Hijack"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01"
},
{
"name": "94783",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94783"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-9344",
"datePublished": "2017-02-13T21:00:00",
"dateReserved": "2016-11-16T00:00:00",
"dateUpdated": "2024-08-06T02:50:36.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28697 (GCVE-0-2023-28697)
Vulnerability from nvd – Published: 2023-04-27 00:00 – Updated: 2025-01-31 18:53
VLAI?
Title
Moxa MiiNePort E1 - Broken Access Control
Summary
Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to perform arbitrary system operation or disrupt service.
Severity ?
9.8 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Moxa | MiiNePort E1 |
Affected:
1.7.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:43:23.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7021-eb43a-1.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://cdn-cms.azureedge.net/Moxa/media/PDIM/S100000223/MiiNePort%20E1%20Series_moxa-miineport-e1-series-firmware-v1.9.rom_Software%20Release%20History.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28697",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T18:53:01.649336Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T18:53:10.545Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MiiNePort E1",
"vendor": "Moxa",
"versions": [
{
"status": "affected",
"version": "1.7.2"
}
]
}
],
"datePublic": "2023-03-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to perform arbitrary system operation or disrupt service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-27T00:00:00.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7021-eb43a-1.html"
},
{
"url": "https://cdn-cms.azureedge.net/Moxa/media/PDIM/S100000223/MiiNePort%20E1%20Series_moxa-miineport-e1-series-firmware-v1.9.rom_Software%20Release%20History.pdf"
}
],
"solutions": [
{
"lang": "en",
"value": "Update MiiNePort E1 version to 1.8"
}
],
"source": {
"advisory": "TVN-202303002",
"discovery": "EXTERNAL"
},
"title": "Moxa MiiNePort E1 - Broken Access Control",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2023-28697",
"datePublished": "2023-04-27T00:00:00.000Z",
"dateReserved": "2023-03-21T00:00:00.000Z",
"dateUpdated": "2025-01-31T18:53:10.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9346 (GCVE-0-2016-9346)
Vulnerability from nvd – Published: 2017-02-13 21:00 – Updated: 2024-08-06 02:50
VLAI?
Summary
An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted.
Severity ?
No CVSS data available.
CWE
- Moxa MiiNePort Configuration data not encrypted
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Moxa MiiNePort |
Affected:
Moxa MiiNePort
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:37.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01"
},
{
"name": "94783",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94783"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Moxa MiiNePort",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Moxa MiiNePort"
}
]
}
],
"datePublic": "2017-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Moxa MiiNePort Configuration data not encrypted",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-14T10:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01"
},
{
"name": "94783",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94783"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-9346",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Moxa MiiNePort",
"version": {
"version_data": [
{
"version_value": "Moxa MiiNePort"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Moxa MiiNePort Configuration data not encrypted"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01"
},
{
"name": "94783",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94783"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-9346",
"datePublished": "2017-02-13T21:00:00",
"dateReserved": "2016-11-16T00:00:00",
"dateUpdated": "2024-08-06T02:50:37.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9344 (GCVE-0-2016-9344)
Vulnerability from nvd – Published: 2017-02-13 21:00 – Updated: 2024-08-06 02:50
VLAI?
Summary
An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files.
Severity ?
No CVSS data available.
CWE
- Moxa MiiNePort Session Hijack
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Moxa MiiNePort |
Affected:
Moxa MiiNePort
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:36.933Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01"
},
{
"name": "94783",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94783"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Moxa MiiNePort",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Moxa MiiNePort"
}
]
}
],
"datePublic": "2017-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Moxa MiiNePort Session Hijack",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-14T10:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01"
},
{
"name": "94783",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94783"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-9344",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Moxa MiiNePort",
"version": {
"version_data": [
{
"version_value": "Moxa MiiNePort"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Moxa MiiNePort Session Hijack"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01"
},
{
"name": "94783",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94783"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-9344",
"datePublished": "2017-02-13T21:00:00",
"dateReserved": "2016-11-16T00:00:00",
"dateUpdated": "2024-08-06T02:50:36.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}