cvelistv5 - cve-2023-34214

CVE-2023-34214 (GCVE-0-2023-34214)

Vulnerability from cvelistv5 – Published: 2023-08-17 02:26 – Updated: 2024-10-28 06:07

Summary

Severity ?

7.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Assigner

Moxa

References

URL

Tags

https://www.moxa.com/en/support/product-support/s…

vendor-advisory

Impacted products

Vendor

Product

Version

Moxa

TN-5900 Series

Affected: 1.0 , ≤ 3.3 (custom)

Moxa	TN-4900 Series	Affected: 1.0 , ≤ 1.2.4 (custom)
Moxa	EDR-810 Series	Affected: 1.0 , ≤ 5.12.27 (custom)
Moxa	EDR-G902 Series	Affected: 1.0 , ≤ 5.7.17 (custom)
Moxa	EDR-G903 Series	Affected: 1.0 , ≤ 5.7.15 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:01:54.270Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "tn-5900",
            "vendor": "moxa",
            "versions": [
              {
                "lessThanOrEqual": "3.3",
                "status": "affected",
                "version": "1.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:moxa:tn-4900:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "tn-4900",
            "vendor": "moxa",
            "versions": [
              {
                "lessThanOrEqual": "1.2.4",
                "status": "affected",
                "version": "1.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "edr-810",
            "vendor": "moxa",
            "versions": [
              {
                "lessThanOrEqual": "5.12.27",
                "status": "affected",
                "version": "1.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:moxa:edr-g902:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "edr-g902",
            "vendor": "moxa",
            "versions": [
              {
                "lessThanOrEqual": "5.7.17",
                "status": "affected",
                "version": "1.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:moxa:edr-g903:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "edr-g903",
            "vendor": "moxa",
            "versions": [
              {
                "lessThanOrEqual": "5.7.15",
                "status": "affected",
                "version": "1.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-34214",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-08T17:30:32.666754Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-08T17:37:23.351Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "TN-5900 Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "3.3",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TN-4900 Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "1.2.4",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EDR-810 Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "5.12.27",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EDR-G902 Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "5.7.17",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EDR-G903 Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "5.7.15",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices."
            }
          ],
          "value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-248",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-248 Command Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-28T06:07:21.645Z",
        "orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
        "shortName": "Moxa"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cli\u003eTN-4900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/li\u003e\u003cli\u003eTN-5900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.4 or higher.\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-810 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources\"\u003ev5.12.29 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G902 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series?#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G903 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\n  *    *  TN-4900 Series: Please upgrade to firmware  v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \n  *  TN-5900 Series: Please upgrade to firmware  v3.4 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \u00a0\n  *  EDR-810 Series: Please upgrade to firmware  v5.12.29 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources \n  *  EDR-G902 Series: Please upgrade to firmware  v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series \n  *  EDR-G903 Series: Please upgrade to firmware  v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Second Order Command-injection Vulnerability in the Certificate-generation Function",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
    "assignerShortName": "Moxa",
    "cveId": "CVE-2023-34214",
    "datePublished": "2023-08-17T02:26:05.428Z",
    "dateReserved": "2023-05-31T08:58:06.149Z",
    "dateUpdated": "2024-10-28T06:07:21.645Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:moxa:tn-5900_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.3\", \"matchCriteriaId\": \"ABA65A45-A850-440B-8B4B-191D46059E71\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7D1E9F45-0ED4-4223-BC9B-D2E01A583DCA\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:moxa:tn-4900_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.2.4\", \"matchCriteriaId\": \"442E0C68-A369-4079-86CC-0E63408C48E7\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:moxa:tn-4900:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"56CD9ADD-E963-42F4-A2E5-175A0D2EE8D0\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices.\"}]",
      "id": "CVE-2023-34214",
      "lastModified": "2024-11-21T08:06:47.010",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@moxa.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
      "published": "2023-08-17T03:15:09.747",
      "references": "[{\"url\": \"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities\", \"source\": \"psirt@moxa.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@moxa.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"psirt@moxa.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-77\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-34214\",\"sourceIdentifier\":\"psirt@moxa.com\",\"published\":\"2023-08-17T03:15:09.747\",\"lastModified\":\"2024-11-21T08:06:47.010\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@moxa.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"psirt@moxa.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-77\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:moxa:tn-5900_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.3\",\"matchCriteriaId\":\"ABA65A45-A850-440B-8B4B-191D46059E71\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D1E9F45-0ED4-4223-BC9B-D2E01A583DCA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:moxa:tn-4900_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.2.4\",\"matchCriteriaId\":\"442E0C68-A369-4079-86CC-0E63408C48E7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:moxa:tn-4900:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56CD9ADD-E963-42F4-A2E5-175A0D2EE8D0\"}]}]}],\"references\":[{\"url\":\"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities\",\"source\":\"psirt@moxa.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T16:01:54.270Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-34214\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-08T17:30:32.666754Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*\"], \"vendor\": \"moxa\", \"product\": \"tn-5900\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3\"}], \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:2.3:h:moxa:tn-4900:-:*:*:*:*:*:*:*\"], \"vendor\": \"moxa\", \"product\": \"tn-4900\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.2.4\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*\"], \"vendor\": \"moxa\", \"product\": \"edr-810\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.12.27\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:moxa:edr-g902:-:*:*:*:*:*:*:*\"], \"vendor\": \"moxa\", \"product\": \"edr-g902\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.7.17\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:moxa:edr-g903:-:*:*:*:*:*:*:*\"], \"vendor\": \"moxa\", \"product\": \"edr-g903\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.7.15\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-08T17:37:05.891Z\"}}], \"cna\": {\"title\": \"Second Order Command-injection Vulnerability in the Certificate-generation Function\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"impacts\": [{\"capecId\": \"CAPEC-248\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-248 Command Injection\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Moxa\", \"product\": \"TN-5900 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"TN-4900 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.2.4\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"EDR-810 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.12.27\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"EDR-G902 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.7.17\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"EDR-G903 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.7.15\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\\n  *    *  TN-4900 Series: Please upgrade to firmware  v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \\n  *  TN-5900 Series: Please upgrade to firmware  v3.4 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \\u00a0\\n  *  EDR-810 Series: Please upgrade to firmware  v5.12.29 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources \\n  *  EDR-G902 Series: Please upgrade to firmware  v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series \\n  *  EDR-G903 Series: Please upgrade to firmware  v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cli\u003eTN-4900 Series: \u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\\\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/li\u003e\u003cli\u003eTN-5900 Series: \u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\\\"\u003ev3.4 or higher.\u003c/a\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eEDR-810 Series: \u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources\\\"\u003ev5.12.29 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eEDR-G902 Series: \u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series?#resources\\\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eEDR-G903 Series: \u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources\\\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003c/li\u003e\u003c/ul\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"2e0a0ee2-d866-482a-9f5e-ac03d156dbaa\", \"shortName\": \"Moxa\", \"dateUpdated\": \"2024-10-28T06:07:21.645Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-34214\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-28T06:07:21.645Z\", \"dateReserved\": \"2023-05-31T08:58:06.149Z\", \"assignerOrgId\": \"2e0a0ee2-d866-482a-9f5e-ac03d156dbaa\", \"datePublished\": \"2023-08-17T02:26:05.428Z\", \"assignerShortName\": \"Moxa\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

WID-SEC-W-2023-2089

Vulnerability from csaf_certbund - Published: 2023-08-16 22:00 - Updated: 2023-08-16 22:00

Summary

Moxa Router: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Moxa Router sind Router für industrielle Anwendungen die darauf ausgelegt sind, in anspruchsvollen Umgebungen zuverlässige und sichere Netzwerkkonnektivität zu bieten.

Angriff

Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Moxa Router ausnutzen, uum beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen oder seine Privilegien zu erweitern.

Betroffene Betriebssysteme

- BIOS/Firmware

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Moxa Router sind Router f\u00fcr industrielle Anwendungen die darauf ausgelegt sind, in anspruchsvollen Umgebungen zuverl\u00e4ssige und sichere Netzwerkkonnektivit\u00e4t zu bieten.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Moxa Router ausnutzen, uum beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen oder seine Privilegien zu erweitern.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- BIOS/Firmware",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2089 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2089.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2089 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2089"
      },
      {
        "category": "external",
        "summary": "Moxa Security Advisories - MPSA-230402 vom 2023-08-16",
        "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
      }
    ],
    "source_lang": "en-US",
    "title": "Moxa Router: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-08-16T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:57:12.803+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-2089",
      "initial_release_date": "2023-08-16T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-08-16T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Moxa Router TN-4900 Series \u003c= 1.2.4",
                "product": {
                  "name": "Moxa Router TN-4900 Series \u003c= 1.2.4",
                  "product_id": "T029390",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:moxa:router:1.2.4::tn-4900_series"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Moxa Router TN-5900 Series \u003c 3.4",
                "product": {
                  "name": "Moxa Router TN-5900 Series \u003c 3.4",
                  "product_id": "T029391",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:moxa:router:3.4::tn-5900_series"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Router"
          }
        ],
        "category": "vendor",
        "name": "Moxa"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-34217",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in den Moxa Routern der TN-5900 und TN-4900 Serien. Diese Fehler sind auf eine unzureichende Eingabevalidierung zur\u00fcckzuf\u00fchren. Durch das Senden von manipulierten Eingaben an den Webdienst kann ein Angreifer diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen oder seine Privilegien zu erweitern."
        }
      ],
      "product_status": {
        "last_affected": [
          "T029390"
        ]
      },
      "release_date": "2023-08-16T22:00:00.000+00:00",
      "title": "CVE-2023-34217"
    },
    {
      "cve": "CVE-2023-34216",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in den Moxa Routern der TN-5900 und TN-4900 Serien. Diese Fehler sind auf eine unzureichende Eingabevalidierung zur\u00fcckzuf\u00fchren. Durch das Senden von manipulierten Eingaben an den Webdienst kann ein Angreifer diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen oder seine Privilegien zu erweitern."
        }
      ],
      "product_status": {
        "last_affected": [
          "T029390"
        ]
      },
      "release_date": "2023-08-16T22:00:00.000+00:00",
      "title": "CVE-2023-34216"
    },
    {
      "cve": "CVE-2023-34215",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in den Moxa Routern der TN-5900 und TN-4900 Serien. Diese Fehler sind auf eine unzureichende Eingabevalidierung zur\u00fcckzuf\u00fchren. Durch das Senden von manipulierten Eingaben an den Webdienst kann ein Angreifer diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen oder seine Privilegien zu erweitern."
        }
      ],
      "product_status": {
        "last_affected": [
          "T029390"
        ]
      },
      "release_date": "2023-08-16T22:00:00.000+00:00",
      "title": "CVE-2023-34215"
    },
    {
      "cve": "CVE-2023-34214",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in den Moxa Routern der TN-5900 und TN-4900 Serien. Diese Fehler sind auf eine unzureichende Eingabevalidierung zur\u00fcckzuf\u00fchren. Durch das Senden von manipulierten Eingaben an den Webdienst kann ein Angreifer diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen oder seine Privilegien zu erweitern."
        }
      ],
      "product_status": {
        "last_affected": [
          "T029390"
        ]
      },
      "release_date": "2023-08-16T22:00:00.000+00:00",
      "title": "CVE-2023-34214"
    },
    {
      "cve": "CVE-2023-34213",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in den Moxa Routern der TN-5900 und TN-4900 Serien. Diese Fehler sind auf eine unzureichende Eingabevalidierung zur\u00fcckzuf\u00fchren. Durch das Senden von manipulierten Eingaben an den Webdienst kann ein Angreifer diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen oder seine Privilegien zu erweitern."
        }
      ],
      "product_status": {
        "last_affected": [
          "T029390"
        ]
      },
      "release_date": "2023-08-16T22:00:00.000+00:00",
      "title": "CVE-2023-34213"
    },
    {
      "cve": "CVE-2023-33239",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in den Moxa Routern der TN-5900 und TN-4900 Serien. Diese Fehler sind auf eine unzureichende Eingabevalidierung zur\u00fcckzuf\u00fchren. Durch das Senden von manipulierten Eingaben an den Webdienst kann ein Angreifer diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen oder seine Privilegien zu erweitern."
        }
      ],
      "product_status": {
        "last_affected": [
          "T029390"
        ]
      },
      "release_date": "2023-08-16T22:00:00.000+00:00",
      "title": "CVE-2023-33239"
    },
    {
      "cve": "CVE-2023-33238",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in den Moxa Routern der TN-5900 und TN-4900 Serien. Diese Fehler sind auf eine unzureichende Eingabevalidierung zur\u00fcckzuf\u00fchren. Durch das Senden von manipulierten Eingaben an den Webdienst kann ein Angreifer diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen oder seine Privilegien zu erweitern."
        }
      ],
      "product_status": {
        "last_affected": [
          "T029390"
        ]
      },
      "release_date": "2023-08-16T22:00:00.000+00:00",
      "title": "CVE-2023-33238"
    },
    {
      "cve": "CVE-2023-33237",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in den Moxa Routern der TN-5900 und TN-4900 Serien. Diese Fehler sind auf eine unzureichende Eingabevalidierung zur\u00fcckzuf\u00fchren. Durch das Senden von manipulierten Eingaben an den Webdienst kann ein Angreifer diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen oder seine Privilegien zu erweitern."
        }
      ],
      "product_status": {
        "last_affected": [
          "T029390"
        ]
      },
      "release_date": "2023-08-16T22:00:00.000+00:00",
      "title": "CVE-2023-33237"
    }
  ]
}

CERTFR-2023-AVI-0659

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Moxa. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Moxa	N/A	Séries TN-5900 versions antérieures à 3.4
Moxa	N/A	Séries TN-4900 toutes versions sans le dernier correctif de sécurité
Moxa	N/A	Séries NPort IAW5000A-I/O toutes versions sans le dernier correctif de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité Moxa MPSA-230304 du 16 août 2023	None	vendor-advisory
Bulletin de sécurité Moxa MPSA-230402 du 16 août 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "S\u00e9ries TN-5900 versions ant\u00e9rieures \u00e0 3.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "S\u00e9ries TN-4900 toutes versions sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "S\u00e9ries NPort IAW5000A-I/O toutes versions sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-34213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34213"
    },
    {
      "name": "CVE-2023-34214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34214"
    },
    {
      "name": "CVE-2023-33237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33237"
    },
    {
      "name": "CVE-2023-33239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33239"
    },
    {
      "name": "CVE-2023-34217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34217"
    },
    {
      "name": "CVE-2023-34216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34216"
    },
    {
      "name": "CVE-2023-33238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33238"
    },
    {
      "name": "CVE-2023-4204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4204"
    },
    {
      "name": "CVE-2023-34215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34215"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0659",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-08-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Moxa\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Moxa",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moxa MPSA-230304 du 16 ao\u00fbt 2023",
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230304-nport-iaw5000a-i-o-series-hardcoded-credential-vulnerability"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moxa MPSA-230402 du 16 ao\u00fbt 2023",
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
    }
  ]
}

CERTFR-2023-AVI-0659

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Moxa	N/A	Séries TN-5900 versions antérieures à 3.4
Moxa	N/A	Séries TN-4900 toutes versions sans le dernier correctif de sécurité
Moxa	N/A	Séries NPort IAW5000A-I/O toutes versions sans le dernier correctif de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité Moxa MPSA-230304 du 16 août 2023	None	vendor-advisory
Bulletin de sécurité Moxa MPSA-230402 du 16 août 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "S\u00e9ries TN-5900 versions ant\u00e9rieures \u00e0 3.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "S\u00e9ries TN-4900 toutes versions sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "S\u00e9ries NPort IAW5000A-I/O toutes versions sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-34213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34213"
    },
    {
      "name": "CVE-2023-34214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34214"
    },
    {
      "name": "CVE-2023-33237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33237"
    },
    {
      "name": "CVE-2023-33239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33239"
    },
    {
      "name": "CVE-2023-34217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34217"
    },
    {
      "name": "CVE-2023-34216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34216"
    },
    {
      "name": "CVE-2023-33238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33238"
    },
    {
      "name": "CVE-2023-4204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4204"
    },
    {
      "name": "CVE-2023-34215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34215"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0659",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-08-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Moxa\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Moxa",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moxa MPSA-230304 du 16 ao\u00fbt 2023",
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230304-nport-iaw5000a-i-o-series-hardcoded-credential-vulnerability"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moxa MPSA-230402 du 16 ao\u00fbt 2023",
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
    }
  ]
}

FKIE_CVE-2023-34214

Vulnerability from fkie_nvd - Published: 2023-08-17 03:15 - Updated: 2024-11-21 08:06

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	psirt@moxa.com	https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
moxa	tn-5900_firmware	*
moxa	tn-5900	-
moxa	tn-4900_firmware	*
moxa	tn-4900	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:tn-5900_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABA65A45-A850-440B-8B4B-191D46059E71",
              "versionEndIncluding": "3.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D1E9F45-0ED4-4223-BC9B-D2E01A583DCA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:tn-4900_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "442E0C68-A369-4079-86CC-0E63408C48E7",
              "versionEndIncluding": "1.2.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:tn-4900:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "56CD9ADD-E963-42F4-A2E5-175A0D2EE8D0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices."
    }
  ],
  "id": "CVE-2023-34214",
  "lastModified": "2024-11-21T08:06:47.010",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "psirt@moxa.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-08-17T03:15:09.747",
  "references": [
    {
      "source": "psirt@moxa.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
    }
  ],
  "sourceIdentifier": "psirt@moxa.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "psirt@moxa.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-FHVV-XJVF-6VWJ

Vulnerability from github – Published: 2023-08-17 03:30 – Updated: 2024-04-04 07:01

Details

Severity ?

7.2 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-34214"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-77",
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-17T03:15:09Z",
    "severity": "CRITICAL"
  },
  "details": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices. ",
  "id": "GHSA-fhvv-xjvf-6vwj",
  "modified": "2024-04-04T07:01:06Z",
  "published": "2023-08-17T03:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34214"
    },
    {
      "type": "WEB",
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2023-34214

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-34214

Aliases

CVE-2023-34214

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-34214",
    "id": "GSD-2023-34214"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-34214"
      ],
      "details": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices. ",
      "id": "GSD-2023-34214",
      "modified": "2023-12-13T01:20:30.956167Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@moxa.com",
        "ID": "CVE-2023-34214",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "TN-5900 Series",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "1.0",
                          "version_value": "3.3"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "TN-4900 Series",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "1.0",
                          "version_value": "1.2.4"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "EDR-810 Series",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "1.0",
                          "version_value": "5.12.27"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "EDR-G902 Series",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "1.0",
                          "version_value": "5.7.17"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "EDR-G903 Series",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "1.0",
                          "version_value": "5.7.15"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Moxa"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices. "
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-77",
                "lang": "eng",
                "value": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities",
            "refsource": "MISC",
            "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
          }
        ]
      },
      "solution": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cli\u003eTN-4900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/li\u003e\u003cli\u003eTN-5900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.4 or higher.\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-810 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources\"\u003ev5.12.29 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G902 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series?#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G903 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\n  *    *  TN-4900 Series: Please upgrade to firmware  v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \n  *  TN-5900 Series: Please upgrade to firmware  v3.4 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \u00a0\n  *  EDR-810 Series: Please upgrade to firmware  v5.12.29 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources \n  *  EDR-G902 Series: Please upgrade to firmware  v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series \n  *  EDR-G903 Series: Please upgrade to firmware  v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources \n\n\n\n"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:tn-5900_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.3",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:tn-4900_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.2.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:moxa:tn-4900:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@moxa.com",
          "ID": "CVE-2023-34214"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices. "
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-77"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-08-22T19:05Z",
      "publishedDate": "2023-08-17T03:15Z"
    }
  }
}

VAR-202308-2748

Vulnerability from variot - Updated: 2024-01-23 22:36

TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices. Moxa Inc. of TN-5900 firmware and tn-4900 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. MOXA TN-4900 is a series of industrial firewall routers produced by China MOXA Company. MOXA TN-5900 is a series of industrial firewall routers produced by MOXA in China

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202308-2748",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "tn-5900",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "3.3"
      },
      {
        "model": "tn-4900",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "1.2.4"
      },
      {
        "model": "tn-5900",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "tn-4900",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "tn-5900",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=3.3"
      },
      {
        "model": "tn-4900",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=1.2.4"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-64098"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-022069"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-34214"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:tn-5900_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.3",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:tn-4900_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.2.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:moxa:tn-4900:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-34214"
      }
    ]
  },
  "cve": "CVE-2023-34214",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2023-64098",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "psirt@moxa.com",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.2,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2023-34214",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2023-34214",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "psirt@moxa.com",
            "id": "CVE-2023-34214",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2023-64098",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-64098"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-022069"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-34214"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-34214"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices. Moxa Inc. of TN-5900 firmware and tn-4900 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. MOXA TN-4900 is a series of industrial firewall routers produced by China MOXA Company. MOXA TN-5900 is a series of industrial firewall routers produced by MOXA in China",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-34214"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-022069"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-64098"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-34214"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-34214",
        "trust": 3.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-022069",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-64098",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-34214",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-64098"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-34214"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-022069"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-34214"
      }
    ]
  },
  "id": "VAR-202308-2748",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-64098"
      }
    ],
    "trust": 1.01666666
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-64098"
      }
    ]
  },
  "last_update_date": "2024-01-23T22:36:52.417000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for MOXA TN-4900 and TN-5900 Command Injection Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/452541"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-64098"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-77",
        "trust": 1.0
      },
      {
        "problemtype": "Command injection (CWE-77) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-022069"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-34214"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-34214"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-64098"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-34214"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-022069"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-34214"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-64098"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-34214"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-022069"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-34214"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-08-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-64098"
      },
      {
        "date": "2023-08-17T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-34214"
      },
      {
        "date": "2024-01-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-022069"
      },
      {
        "date": "2023-08-17T03:15:09.747000",
        "db": "NVD",
        "id": "CVE-2023-34214"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-08-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-64098"
      },
      {
        "date": "2023-08-17T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-34214"
      },
      {
        "date": "2024-01-22T02:52:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-022069"
      },
      {
        "date": "2023-08-22T19:05:01.607000",
        "db": "NVD",
        "id": "CVE-2023-34214"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Moxa\u00a0Inc.\u00a0 of \u00a0TN-5900\u00a0 firmware and \u00a0tn-4900\u00a0 Command injection vulnerability in firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-022069"
      }
    ],
    "trust": 0.8
  }
}

CNVD-2023-64098

Vulnerability from cnvd - Published: 2023-08-21

Title

MOXA TN-4900 and TN-5900命令注入漏洞

Description

MOXA TN-4900是中国摩莎（MOXA）公司的一系列工业防火墙路由器。MOXA TN-5900是中国摩莎（MOXA）公司的一系列工业防火墙路由器。 MOXA TN-4900 and TN-5900存在命令注入漏洞，攻击者可利用该漏洞在受影响的设备上执行远程代码。

Severity

高

Patch Name

MOXA TN-4900 and TN-5900命令注入漏洞的补丁

Patch Description

MOXA TN-4900是中国摩莎（MOXA）公司的一系列工业防火墙路由器。MOXA TN-5900是中国摩莎（MOXA）公司的一系列工业防火墙路由器。 MOXA TN-4900 and TN-5900存在命令注入漏洞，攻击者可利用该漏洞在受影响的设备上执行远程代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities

Reference

https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities

Impacted products

Name
['Moxa TN-5900 <=3.3', 'Moxa TN-4900 <=1.2.4']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-34214",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-34214"
    }
  },
  "description": "MOXA TN-4900\u662f\u4e2d\u56fd\u6469\u838e\uff08MOXA\uff09\u516c\u53f8\u7684\u4e00\u7cfb\u5217\u5de5\u4e1a\u9632\u706b\u5899\u8def\u7531\u5668\u3002MOXA TN-5900\u662f\u4e2d\u56fd\u6469\u838e\uff08MOXA\uff09\u516c\u53f8\u7684\u4e00\u7cfb\u5217\u5de5\u4e1a\u9632\u706b\u5899\u8def\u7531\u5668\u3002\n\nMOXA TN-4900 and TN-5900\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u7684\u8bbe\u5907\u4e0a\u6267\u884c\u8fdc\u7a0b\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-64098",
  "openTime": "2023-08-21",
  "patchDescription": "MOXA TN-4900\u662f\u4e2d\u56fd\u6469\u838e\uff08MOXA\uff09\u516c\u53f8\u7684\u4e00\u7cfb\u5217\u5de5\u4e1a\u9632\u706b\u5899\u8def\u7531\u5668\u3002MOXA TN-5900\u662f\u4e2d\u56fd\u6469\u838e\uff08MOXA\uff09\u516c\u53f8\u7684\u4e00\u7cfb\u5217\u5de5\u4e1a\u9632\u706b\u5899\u8def\u7531\u5668\u3002\r\n\r\n\r\nMOXA TN-4900 and TN-5900\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u7684\u8bbe\u5907\u4e0a\u6267\u884c\u8fdc\u7a0b\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "MOXA TN-4900 and TN-5900\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Moxa TN-5900 \u003c=3.3",
      "Moxa TN-4900 \u003c=1.2.4"
    ]
  },
  "referenceLink": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities",
  "serverity": "\u9ad8",
  "submitTime": "2023-08-19",
  "title": "MOXA TN-4900 and TN-5900\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-34214 (GCVE-0-2023-34214)

Solution

Solution

Tags

Sightings

Nomenclature