cvelistv5 - cve-2025-0193

CVE-2025-0193 (GCVE-0-2025-0193)

Vulnerability from cvelistv5 – Published: 2025-01-15 11:05 – Updated: 2025-01-15 14:35

Title

Stored Cross-site Scripting (XSS) Vulnerability in the MGate 5121/5122/5123 Series

Summary

A stored Cross-site Scripting (XSS) vulnerability exists in the MGate 5121/5122/5123 Series firmware version v1.0 because of insufficient sanitization and encoding of user input in the "Login Message" functionality. An authenticated attacker with administrative access can exploit this vulnerability to inject malicious scripts that are continuously stored on the device. These scripts are executed when other users access the login page, potentially resulting in unauthorized actions or other impacts, depending on the user's privileges.

Severity ?

5.2 (Medium)


                        
                          CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

Moxa

References

URL

Tags

https://www.moxa.com/en/support/product-support/s…

vendor-advisory

Impacted products

Vendor

Product

Version

Moxa

MGate 5121 Series

Affected: 1.0 (custom)

	Moxa	MGate 5122 Series	Affected: 1.0 (custom)
	Moxa	MGate 5123 Series	Affected: 1.0 (custom)

Credits

Dmitrii Mosichkin

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0193",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-15T14:35:02.965309Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-15T14:35:22.364Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MGate 5121 Series",
          "vendor": "Moxa",
          "versions": [
            {
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MGate 5122 Series",
          "vendor": "Moxa",
          "versions": [
            {
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MGate 5123 Series",
          "vendor": "Moxa",
          "versions": [
            {
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Dmitrii Mosichkin"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA stored Cross-site Scripting (XSS) vulnerability exists in the MGate 5121/5122/5123 Series firmware version v1.0 because of insufficient sanitization and encoding of user input in the \"Login Message\" functionality. An authenticated attacker with administrative access can exploit this vulnerability to inject malicious scripts that are\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003econtinuously stored on the device. These scripts are executed when other users access the login page, potentially resulting in unauthorized actions\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eor other impacts\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e,\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;depending on the user\u0027s privileges.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A stored Cross-site Scripting (XSS) vulnerability exists in the MGate 5121/5122/5123 Series firmware version v1.0 because of insufficient sanitization and encoding of user input in the \"Login Message\" functionality. An authenticated attacker with administrative access can exploit this vulnerability to inject malicious scripts that are\u00a0continuously stored on the device. These scripts are executed when other users access the login page, potentially resulting in unauthorized actions\u00a0or other impacts,\u00a0depending on the user\u0027s privileges."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-592",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-592: Stored XSS"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.2,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-15T11:05:11.594Z",
        "orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
        "shortName": "Moxa"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-247733-cve-2025-0193-stored-cross-site-scripting-(xss)-vulnerability-in-the-mgate-5121-5122-5123-series"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eMoxa has developed appropriate solutions to address vulnerability. The solutions for the affected products are listed below. \u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eMGate 5121 Series: Upgrade to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-edge-connectivity/protocol-gateways/modbus-tcp-gateways/mgate-5121-series#resources\"\u003ethe firmware version 2.0\u003c/a\u003e\u0026nbsp;or later version\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eMGate 5122 Series: Upgrade to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-edge-connectivity/protocol-gateways/ethernet-ip-gateways/mgate-5122-series#resources\"\u003ethe firmware version 2.0\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;or later version\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eMGate 5123 Series: Upgrade to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-edge-connectivity/protocol-gateways/profinet-gateways/mgate-5123-series#resources\"\u003ethe firmware version 2.0\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;or later version\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "Moxa has developed appropriate solutions to address vulnerability. The solutions for the affected products are listed below. \n\n\n\n  *  MGate 5121 Series: Upgrade to  the firmware version 2.0 https://www.moxa.com/en/products/industrial-edge-connectivity/protocol-gateways/modbus-tcp-gateways/mgate-5121-series#resources \u00a0or later version\n  *  MGate 5122 Series: Upgrade to  the firmware version 2.0 https://www.moxa.com/en/products/industrial-edge-connectivity/protocol-gateways/ethernet-ip-gateways/mgate-5122-series#resources \u00a0or later version\n  *  MGate 5123 Series: Upgrade to  the firmware version 2.0 https://www.moxa.com/en/products/industrial-edge-connectivity/protocol-gateways/profinet-gateways/mgate-5123-series#resources \u00a0or later version"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Stored Cross-site Scripting (XSS) Vulnerability in the MGate 5121/5122/5123 Series",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cul\u003e\u003cli\u003eMinimize network exposure to ensure the device is not accessible from the Internet. \u003c/li\u003e\u003c/ul\u003e\u003cul\u003e\u003cli\u003eEnsure that administrator accounts use strong, unique passwords, and restrict access to trusted personnel only.\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "*  Minimize network exposure to ensure the device is not accessible from the Internet. \n\n\n  *  Ensure that administrator accounts use strong, unique passwords, and restrict access to trusted personnel only."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
    "assignerShortName": "Moxa",
    "cveId": "CVE-2025-0193",
    "datePublished": "2025-01-15T11:05:11.594Z",
    "dateReserved": "2025-01-03T08:10:03.462Z",
    "dateUpdated": "2025-01-15T14:35:22.364Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-0193\",\"sourceIdentifier\":\"psirt@moxa.com\",\"published\":\"2025-01-15T11:15:09.280\",\"lastModified\":\"2025-01-15T11:15:09.280\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A stored Cross-site Scripting (XSS) vulnerability exists in the MGate 5121/5122/5123 Series firmware version v1.0 because of insufficient sanitization and encoding of user input in the \\\"Login Message\\\" functionality. An authenticated attacker with administrative access can exploit this vulnerability to inject malicious scripts that are\u00a0continuously stored on the device. These scripts are executed when other users access the login page, potentially resulting in unauthorized actions\u00a0or other impacts,\u00a0depending on the user\u0027s privileges.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de Cross-site Scripting (XSS) almacenada en la versi\u00f3n v1.0 del firmware de la serie MGate 5121/5122/5123 debido a una desinfecci\u00f3n y codificaci\u00f3n insuficientes de la entrada del usuario en la funci\u00f3n \\\"Login Message\\\". Un atacante autenticado con acceso administrativo puede aprovechar esta vulnerabilidad para inyectar scripts maliciosos que se almacenan continuamente en el dispositivo. Estos scripts se ejecutan cuando otros usuarios acceden a la p\u00e1gina de inicio de sesi\u00f3n, lo que puede dar lugar a acciones no autorizadas u otros impactos, seg\u00fan los privilegios del usuario.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"psirt@moxa.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.2,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"PASSIVE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"HIGH\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"psirt@moxa.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"references\":[{\"url\":\"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-247733-cve-2025-0193-stored-cross-site-scripting-(xss)-vulnerability-in-the-mgate-5121-5122-5123-series\",\"source\":\"psirt@moxa.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-0193\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-15T14:35:02.965309Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-15T14:35:14.611Z\"}}], \"cna\": {\"title\": \"Stored Cross-site Scripting (XSS) Vulnerability in the MGate 5121/5122/5123 Series\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Dmitrii Mosichkin\"}], \"impacts\": [{\"capecId\": \"CAPEC-592\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-592: Stored XSS\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 5.2, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"PASSIVE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"HIGH\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Moxa\", \"product\": \"MGate 5121 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"MGate 5122 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"MGate 5123 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Moxa has developed appropriate solutions to address vulnerability. The solutions for the affected products are listed below. \\n\\n\\n\\n  *  MGate 5121 Series: Upgrade to  the firmware version 2.0 https://www.moxa.com/en/products/industrial-edge-connectivity/protocol-gateways/modbus-tcp-gateways/mgate-5121-series#resources \\u00a0or later version\\n  *  MGate 5122 Series: Upgrade to  the firmware version 2.0 https://www.moxa.com/en/products/industrial-edge-connectivity/protocol-gateways/ethernet-ip-gateways/mgate-5122-series#resources \\u00a0or later version\\n  *  MGate 5123 Series: Upgrade to  the firmware version 2.0 https://www.moxa.com/en/products/industrial-edge-connectivity/protocol-gateways/profinet-gateways/mgate-5123-series#resources \\u00a0or later version\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eMoxa has developed appropriate solutions to address vulnerability. The solutions for the affected products are listed below. \u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eMGate 5121 Series: Upgrade to \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.moxa.com/en/products/industrial-edge-connectivity/protocol-gateways/modbus-tcp-gateways/mgate-5121-series#resources\\\"\u003ethe firmware version 2.0\u003c/a\u003e\u0026nbsp;or later version\u003c/li\u003e\u003cli\u003e\u003cspan style=\\\"background-color: var(--wht);\\\"\u003eMGate 5122 Series: Upgrade to \u003c/span\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.moxa.com/en/products/industrial-edge-connectivity/protocol-gateways/ethernet-ip-gateways/mgate-5122-series#resources\\\"\u003ethe firmware version 2.0\u003c/a\u003e\u003cspan style=\\\"background-color: var(--wht);\\\"\u003e\u0026nbsp;or later version\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\\\"background-color: var(--wht);\\\"\u003eMGate 5123 Series: Upgrade to \u003c/span\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.moxa.com/en/products/industrial-edge-connectivity/protocol-gateways/profinet-gateways/mgate-5123-series#resources\\\"\u003ethe firmware version 2.0\u003c/a\u003e\u003cspan style=\\\"background-color: var(--wht);\\\"\u003e\u0026nbsp;or later version\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-247733-cve-2025-0193-stored-cross-site-scripting-(xss)-vulnerability-in-the-mgate-5121-5122-5123-series\", \"tags\": [\"vendor-advisory\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"*  Minimize network exposure to ensure the device is not accessible from the Internet. \\n\\n\\n  *  Ensure that administrator accounts use strong, unique passwords, and restrict access to trusted personnel only.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cul\u003e\u003cli\u003eMinimize network exposure to ensure the device is not accessible from the Internet. \u003c/li\u003e\u003c/ul\u003e\u003cul\u003e\u003cli\u003eEnsure that administrator accounts use strong, unique passwords, and restrict access to trusted personnel only.\u003c/li\u003e\u003c/ul\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A stored Cross-site Scripting (XSS) vulnerability exists in the MGate 5121/5122/5123 Series firmware version v1.0 because of insufficient sanitization and encoding of user input in the \\\"Login Message\\\" functionality. An authenticated attacker with administrative access can exploit this vulnerability to inject malicious scripts that are\\u00a0continuously stored on the device. These scripts are executed when other users access the login page, potentially resulting in unauthorized actions\\u00a0or other impacts,\\u00a0depending on the user\u0027s privileges.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eA stored Cross-site Scripting (XSS) vulnerability exists in the MGate 5121/5122/5123 Series firmware version v1.0 because of insufficient sanitization and encoding of user input in the \\\"Login Message\\\" functionality. An authenticated attacker with administrative access can exploit this vulnerability to inject malicious scripts that are\u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u0026nbsp;\u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003econtinuously stored on the device. These scripts are executed when other users access the login page, potentially resulting in unauthorized actions\u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u0026nbsp;\u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eor other impacts\u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e,\u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u0026nbsp;depending on the user\u0027s privileges.\u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"2e0a0ee2-d866-482a-9f5e-ac03d156dbaa\", \"shortName\": \"Moxa\", \"dateUpdated\": \"2025-01-15T11:05:11.594Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-0193\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-15T14:35:22.364Z\", \"dateReserved\": \"2025-01-03T08:10:03.462Z\", \"assignerOrgId\": \"2e0a0ee2-d866-482a-9f5e-ac03d156dbaa\", \"datePublished\": \"2025-01-15T11:05:11.594Z\", \"assignerShortName\": \"Moxa\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2025-AVI-0036

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Moxa. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une injection de code indirecte à distance (XSS) et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Moxa	N/A	MGate 5123 Series sans les derniers correctifs de sécurité
Moxa	N/A	EDS-508A Series sans les derniers correctifs de sécurité
Moxa	N/A	MGate 5121 Series sans les derniers correctifs de sécurité
Moxa	N/A	MGate 5122 Series sans les derniers correctifs de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité Moxa mpsa-241407	2025-01-15	vendor-advisory
Bulletin de sécurité Moxa mpsa-247733	2025-01-15	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "MGate 5123 Series\u00a0 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "EDS-508A Series sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "MGate 5121 Series\u00a0 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "MGate 5122 Series\u00a0 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-0193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0193"
    },
    {
      "name": "CVE-2024-12297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12297"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0036",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-01-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Moxa. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une injection de code indirecte \u00e0 distance (XSS) et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Moxa",
  "vendor_advisories": [
    {
      "published_at": "2025-01-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Moxa mpsa-241407",
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241407-cve-2024-12297-frontend-authorization-logic-disclosure-vulnerability-in-eds-508a-series"
    },
    {
      "published_at": "2025-01-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Moxa mpsa-247733",
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-247733-cve-2025-0193-stored-cross-site-scripting-(xss)-vulnerability-in-the-mgate-5121-5122-5123-series"
    }
  ]
}

CERTFR-2025-AVI-0036

Vulnerability from certfr_avis - Published: - Updated:

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Moxa	N/A	MGate 5123 Series sans les derniers correctifs de sécurité
Moxa	N/A	EDS-508A Series sans les derniers correctifs de sécurité
Moxa	N/A	MGate 5121 Series sans les derniers correctifs de sécurité
Moxa	N/A	MGate 5122 Series sans les derniers correctifs de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité Moxa mpsa-241407	2025-01-15	vendor-advisory
Bulletin de sécurité Moxa mpsa-247733	2025-01-15	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "MGate 5123 Series\u00a0 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "EDS-508A Series sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "MGate 5121 Series\u00a0 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "MGate 5122 Series\u00a0 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-0193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0193"
    },
    {
      "name": "CVE-2024-12297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12297"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0036",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-01-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Moxa. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une injection de code indirecte \u00e0 distance (XSS) et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Moxa",
  "vendor_advisories": [
    {
      "published_at": "2025-01-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Moxa mpsa-241407",
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241407-cve-2024-12297-frontend-authorization-logic-disclosure-vulnerability-in-eds-508a-series"
    },
    {
      "published_at": "2025-01-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Moxa mpsa-247733",
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-247733-cve-2025-0193-stored-cross-site-scripting-(xss)-vulnerability-in-the-mgate-5121-5122-5123-series"
    }
  ]
}

GHSA-M56G-XX45-238C

Vulnerability from github – Published: 2025-01-15 12:30 – Updated: 2025-01-15 12:30

Details

Severity ?

5.2 (Medium)


                  
                    CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-0193"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-15T11:15:09Z",
    "severity": "MODERATE"
  },
  "details": "A stored Cross-site Scripting (XSS) vulnerability exists in the MGate 5121/5122/5123 Series firmware version v1.0 because of insufficient sanitization and encoding of user input in the \"Login Message\" functionality. An authenticated attacker with administrative access can exploit this vulnerability to inject malicious scripts that are\u00a0continuously stored on the device. These scripts are executed when other users access the login page, potentially resulting in unauthorized actions\u00a0or other impacts,\u00a0depending on the user\u0027s privileges.",
  "id": "GHSA-m56g-xx45-238c",
  "modified": "2025-01-15T12:30:45Z",
  "published": "2025-01-15T12:30:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0193"
    },
    {
      "type": "WEB",
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-247733-cve-2025-0193-stored-cross-site-scripting-(xss)-vulnerability-in-the-mgate-5121-5122-5123-series"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

FKIE_CVE-2025-0193

Vulnerability from fkie_nvd - Published: 2025-01-15 11:15 - Updated: 2025-01-15 11:15

Severity ?

5.2 (Medium) - CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

Summary

References

	URL	Tags
	psirt@moxa.com	https://www.moxa.com/en/support/product-support/security-advisory/mpsa-247733-cve-2025-0193-stored-cross-site-scripting-(xss)-vulnerability-in-the-mgate-5121-5122-5123-series

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A stored Cross-site Scripting (XSS) vulnerability exists in the MGate 5121/5122/5123 Series firmware version v1.0 because of insufficient sanitization and encoding of user input in the \"Login Message\" functionality. An authenticated attacker with administrative access can exploit this vulnerability to inject malicious scripts that are\u00a0continuously stored on the device. These scripts are executed when other users access the login page, potentially resulting in unauthorized actions\u00a0or other impacts,\u00a0depending on the user\u0027s privileges."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de Cross-site Scripting (XSS) almacenada en la versi\u00f3n v1.0 del firmware de la serie MGate 5121/5122/5123 debido a una desinfecci\u00f3n y codificaci\u00f3n insuficientes de la entrada del usuario en la funci\u00f3n \"Login Message\". Un atacante autenticado con acceso administrativo puede aprovechar esta vulnerabilidad para inyectar scripts maliciosos que se almacenan continuamente en el dispositivo. Estos scripts se ejecutan cuando otros usuarios acceden a la p\u00e1gina de inicio de sesi\u00f3n, lo que puede dar lugar a acciones no autorizadas u otros impactos, seg\u00fan los privilegios del usuario."
    }
  ],
  "id": "CVE-2025-0193",
  "lastModified": "2025-01-15T11:15:09.280",
  "metrics": {
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "HIGH",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 5.2,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "HIGH",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "HIGH",
          "subConfidentialityImpact": "HIGH",
          "subIntegrityImpact": "HIGH",
          "userInteraction": "PASSIVE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "psirt@moxa.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-01-15T11:15:09.280",
  "references": [
    {
      "source": "psirt@moxa.com",
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-247733-cve-2025-0193-stored-cross-site-scripting-(xss)-vulnerability-in-the-mgate-5121-5122-5123-series"
    }
  ],
  "sourceIdentifier": "psirt@moxa.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "psirt@moxa.com",
      "type": "Secondary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-0193 (GCVE-0-2025-0193)

CERTFR-2025-AVI-0036

Solutions

CERTFR-2025-AVI-0036

Solutions

GHSA-M56G-XX45-238C

FKIE_CVE-2025-0193

Tags

Sightings

Nomenclature