Action not permitted
Modal body text goes here.
wid-sec-w-2023-2089
Vulnerability from csaf_certbund
Published
2023-08-16 22:00
Modified
2023-08-16 22:00
Summary
Moxa Router: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Moxa Router sind Router für industrielle Anwendungen die darauf ausgelegt sind, in anspruchsvollen Umgebungen zuverlässige und sichere Netzwerkkonnektivität zu bieten.
Angriff
Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Moxa Router ausnutzen, uum beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen oder seine Privilegien zu erweitern.
Betroffene Betriebssysteme
- BIOS/Firmware
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Moxa Router sind Router f\u00fcr industrielle Anwendungen die darauf ausgelegt sind, in anspruchsvollen Umgebungen zuverl\u00e4ssige und sichere Netzwerkkonnektivit\u00e4t zu bieten.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Moxa Router ausnutzen, uum beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen oder seine Privilegien zu erweitern.",
"title": "Angriff"
},
{
"category": "general",
"text": "- BIOS/Firmware",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2089 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2089.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2089 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2089"
},
{
"category": "external",
"summary": "Moxa Security Advisories - MPSA-230402 vom 2023-08-16",
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"source_lang": "en-US",
"title": "Moxa Router: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-08-16T22:00:00.000+00:00",
"generator": {
"date": "2024-02-15T17:40:50.388+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.0"
}
},
"id": "WID-SEC-W-2023-2089",
"initial_release_date": "2023-08-16T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-08-16T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Moxa Router TN-4900 Series \u003c= 1.2.4",
"product": {
"name": "Moxa Router TN-4900 Series \u003c= 1.2.4",
"product_id": "T029390",
"product_identification_helper": {
"cpe": "cpe:/h:moxa:router:1.2.4::tn-4900_series"
}
}
},
{
"category": "product_name",
"name": "Moxa Router TN-5900 Series \u003c 3.4",
"product": {
"name": "Moxa Router TN-5900 Series \u003c 3.4",
"product_id": "T029391",
"product_identification_helper": {
"cpe": "cpe:/h:moxa:router:3.4::tn-5900_series"
}
}
}
],
"category": "product_name",
"name": "Router"
}
],
"category": "vendor",
"name": "Moxa"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-34217",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in den Moxa Routern der TN-5900 und TN-4900 Serien. Diese Fehler sind auf eine unzureichende Eingabevalidierung zur\u00fcckzuf\u00fchren. Durch das Senden von manipulierten Eingaben an den Webdienst kann ein Angreifer diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen oder seine Privilegien zu erweitern."
}
],
"product_status": {
"last_affected": [
"T029390"
]
},
"release_date": "2023-08-16T22:00:00Z",
"title": "CVE-2023-34217"
},
{
"cve": "CVE-2023-34216",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in den Moxa Routern der TN-5900 und TN-4900 Serien. Diese Fehler sind auf eine unzureichende Eingabevalidierung zur\u00fcckzuf\u00fchren. Durch das Senden von manipulierten Eingaben an den Webdienst kann ein Angreifer diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen oder seine Privilegien zu erweitern."
}
],
"product_status": {
"last_affected": [
"T029390"
]
},
"release_date": "2023-08-16T22:00:00Z",
"title": "CVE-2023-34216"
},
{
"cve": "CVE-2023-34215",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in den Moxa Routern der TN-5900 und TN-4900 Serien. Diese Fehler sind auf eine unzureichende Eingabevalidierung zur\u00fcckzuf\u00fchren. Durch das Senden von manipulierten Eingaben an den Webdienst kann ein Angreifer diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen oder seine Privilegien zu erweitern."
}
],
"product_status": {
"last_affected": [
"T029390"
]
},
"release_date": "2023-08-16T22:00:00Z",
"title": "CVE-2023-34215"
},
{
"cve": "CVE-2023-34214",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in den Moxa Routern der TN-5900 und TN-4900 Serien. Diese Fehler sind auf eine unzureichende Eingabevalidierung zur\u00fcckzuf\u00fchren. Durch das Senden von manipulierten Eingaben an den Webdienst kann ein Angreifer diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen oder seine Privilegien zu erweitern."
}
],
"product_status": {
"last_affected": [
"T029390"
]
},
"release_date": "2023-08-16T22:00:00Z",
"title": "CVE-2023-34214"
},
{
"cve": "CVE-2023-34213",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in den Moxa Routern der TN-5900 und TN-4900 Serien. Diese Fehler sind auf eine unzureichende Eingabevalidierung zur\u00fcckzuf\u00fchren. Durch das Senden von manipulierten Eingaben an den Webdienst kann ein Angreifer diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen oder seine Privilegien zu erweitern."
}
],
"product_status": {
"last_affected": [
"T029390"
]
},
"release_date": "2023-08-16T22:00:00Z",
"title": "CVE-2023-34213"
},
{
"cve": "CVE-2023-33239",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in den Moxa Routern der TN-5900 und TN-4900 Serien. Diese Fehler sind auf eine unzureichende Eingabevalidierung zur\u00fcckzuf\u00fchren. Durch das Senden von manipulierten Eingaben an den Webdienst kann ein Angreifer diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen oder seine Privilegien zu erweitern."
}
],
"product_status": {
"last_affected": [
"T029390"
]
},
"release_date": "2023-08-16T22:00:00Z",
"title": "CVE-2023-33239"
},
{
"cve": "CVE-2023-33238",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in den Moxa Routern der TN-5900 und TN-4900 Serien. Diese Fehler sind auf eine unzureichende Eingabevalidierung zur\u00fcckzuf\u00fchren. Durch das Senden von manipulierten Eingaben an den Webdienst kann ein Angreifer diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen oder seine Privilegien zu erweitern."
}
],
"product_status": {
"last_affected": [
"T029390"
]
},
"release_date": "2023-08-16T22:00:00Z",
"title": "CVE-2023-33238"
},
{
"cve": "CVE-2023-33237",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in den Moxa Routern der TN-5900 und TN-4900 Serien. Diese Fehler sind auf eine unzureichende Eingabevalidierung zur\u00fcckzuf\u00fchren. Durch das Senden von manipulierten Eingaben an den Webdienst kann ein Angreifer diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen oder seine Privilegien zu erweitern."
}
],
"product_status": {
"last_affected": [
"T029390"
]
},
"release_date": "2023-08-16T22:00:00Z",
"title": "CVE-2023-33237"
}
]
}
cve-2023-33239
Vulnerability from cvelistv5
Published
2023-08-17 02:13
Modified
2024-10-28 06:04
Severity ?
EPSS score ?
Summary
Second Order Command-injection Vulnerability in the Key-generation Function
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:39:35.750Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:moxa:edr-g903:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "edr-g903",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "5.7.15",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "tn-5900",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:moxa:tn-4900:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "tn-4900",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "1.2.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "edr-810",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "5.12.27",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:moxa:edr-g902:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "edr-g902",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "5.7.17",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:edr-g9010:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "edr-g9010",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "2.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:nat-102:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nat-102",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "1.0.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33239",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T17:56:35.889846Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T18:03:33.908Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TN-5900 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TN-4900 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.2.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-810 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.12.27",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G902 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.7.17",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G903 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.7.15",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G9010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "2.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NAT-102 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.0.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from insufficient input validation in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices.\u003c/p\u003e"
}
],
"value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from insufficient input validation in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T06:04:52.923Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\u003cul\u003e\u003cli\u003eTN-4900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/li\u003e\u003cli\u003eTN-5900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.4 or higher.\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-810 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources\"\u003ev5.12.29 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G902 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series?#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G903 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G9010 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNAT-102 Series: Please upgrade to firmware \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/nat-102-series#resources\"\u003ev1.0.5 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below: * TN-4900 Series: Please upgrade to firmware v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \n * TN-5900 Series: Please upgrade to firmware v3.4 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \u00a0\n * EDR-810 Series: Please upgrade to firmware v5.12.29 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources \n * EDR-G902 Series: Please upgrade to firmware v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series \n * EDR-G903 Series: Please upgrade to firmware v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources \n * EDR-G9010 Series: Please upgrade to firmware v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources \n * NAT-102 Series: Please upgrade to firmware v1.0.5 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/nat-102-series#resources"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Second Order Command-injection Vulnerability in the Key-generation Function",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2023-33239",
"datePublished": "2023-08-17T02:13:25.280Z",
"dateReserved": "2023-05-19T02:30:16.483Z",
"dateUpdated": "2024-10-28T06:04:52.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-34213
Vulnerability from cvelistv5
Published
2023-08-17 02:20
Modified
2024-10-28 06:06
Severity ?
EPSS score ?
Summary
Second Order Command-injection Vulnerability in the Key-generation Function
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Moxa | TN-5900 Series |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:01:54.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "tn-5900",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34213",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T17:42:41.686121Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T17:54:04.018Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TN-5900 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eTN-5900 Series firmware versions v3.3 and prior are vulnerable to command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ein the key\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e-\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003egeneration function, which could potentially allow malicious users to execute remote code on affected devices.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "TN-5900 Series firmware versions v3.3 and prior are vulnerable to command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T06:06:35.355Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below.\u003cbr\u003e\u003cul\u003e\u003cli\u003eTN-5900 Series: Please upgrade to firmware v3.4 or higher.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below.\n * TN-5900 Series: Please upgrade to firmware v3.4 or higher."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Second Order Command-injection Vulnerability in the Key-generation Function",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2023-34213",
"datePublished": "2023-08-17T02:20:20.289Z",
"dateReserved": "2023-05-31T08:58:06.148Z",
"dateUpdated": "2024-10-28T06:06:35.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-34215
Vulnerability from cvelistv5
Published
2023-08-17 06:35
Modified
2024-10-28 06:08
Severity ?
EPSS score ?
Summary
Second Order Command-injection Vulnerability in the Certificate-generation Function
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Moxa | TN-5900 Series |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:01:54.350Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "tn-5900",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34215",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T17:28:17.506898Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T17:29:31.951Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TN-5900 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eTN-5900 Series firmware versions\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ev3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ein the certification\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e-\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003egeneration function, which could potentially allow malicious users to execute remote code on affected devices.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the certification-generation function, which could potentially allow malicious users to execute remote code on affected devices."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T06:08:37.703Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below.\u003cbr\u003e\u003cul\u003e\u003cli\u003eTN-5900 Series: Please upgrade to firmware v3.4 or higher.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below.\n * TN-5900 Series: Please upgrade to firmware v3.4 or higher."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Second Order Command-injection Vulnerability in the Certificate-generation Function",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2023-34215",
"datePublished": "2023-08-17T06:35:06.293Z",
"dateReserved": "2023-05-31T08:58:06.149Z",
"dateUpdated": "2024-10-28T06:08:37.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-33238
Vulnerability from cvelistv5
Published
2023-08-17 02:04
Modified
2024-10-28 06:03
Severity ?
EPSS score ?
Summary
Command-injection Vulnerability in Certificate Management
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:39:35.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "tn-5900",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:moxa:tn-4900:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "tn-4900",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "1.2.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edr-810",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "5.12.27",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:moxa:edr-g902:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edr-g902",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "5.7.17",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:edr-g9010:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edr-g9010",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "2.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:nat-102:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nat-102",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "1.0.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33238",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T18:05:51.367695Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T18:09:34.491Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TN-5900 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TN-4900 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.2.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-810 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.12.27",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G902 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.7.17",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G903 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.7.15",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G9010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "2.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NAT-102 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.0.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious users to execute remote code on affected devices.\u003c/p\u003e"
}
],
"value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious users to execute remote code on affected devices."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T06:03:40.655Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\u003cbr\u003e\u003cul\u003e\u003cli\u003eTN-4900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/li\u003e\u003cli\u003eTN-5900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.4 or higher.\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-810 Series:\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources\"\u003ev5.12.29 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G902 Series:\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series?#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G903 Series:\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G9010 Series:\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNAT-102 Series:\u0026nbsp;Please upgrade to firmware\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/nat-102-series#resources\"\u003ev1.0.5 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\n * TN-4900 Series: Please upgrade to firmware v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \n * TN-5900 Series: Please upgrade to firmware v3.4 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \u00a0\n * EDR-810 Series:\u00a0Please upgrade to firmware v5.12.29 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources \n * EDR-G902 Series:\u00a0Please upgrade to firmware v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series \n * EDR-G903 Series:\u00a0Please upgrade to firmware v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources \n * EDR-G9010 Series:\u00a0Please upgrade to firmware v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources \n * NAT-102 Series:\u00a0Please upgrade to firmware\u00a0 v1.0.5 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/nat-102-series#resources"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Command-injection Vulnerability in Certificate Management",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2023-33238",
"datePublished": "2023-08-17T02:04:50.789Z",
"dateReserved": "2023-05-19T02:30:16.483Z",
"dateUpdated": "2024-10-28T06:03:40.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-34217
Vulnerability from cvelistv5
Published
2023-08-17 06:48
Modified
2024-10-02 19:58
Severity ?
EPSS score ?
Summary
Second Order Command-injection Vulnerability in the Certificate-delete Function
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:01:54.277Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34217",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T19:43:12.616230Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T19:58:00.223Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TN-5900 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TN-4900 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.2.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G902 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.7.17",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G903 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.7.15",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G9010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "2.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NAT-102 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.0.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-delete function, which could potentially allow malicious users to delete arbitrary files. "
}
],
"value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-delete function, which could potentially allow malicious users to delete arbitrary files. "
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T07:12:20.397Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cli\u003eTN-4900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/li\u003e\u003cli\u003eTN-5900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.4 or higher.\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G902 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series?#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G903 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G9010 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNAT-102 Series: Please upgrade to firmware \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/nat-102-series#resources\"\u003ev1.0.5 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\n * * TN-4900 Series: Please upgrade to firmware v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \n * TN-5900 Series: Please upgrade to firmware v3.4 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \u00a0\n * EDR-G902 Series: Please upgrade to firmware v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series \n * EDR-G903 Series: Please upgrade to firmware v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources \n * EDR-G9010 Series: Please upgrade to firmware v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources \n * NAT-102 Series: Please upgrade to firmware v1.0.5 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/nat-102-series#resources \n\n\n\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Second Order Command-injection Vulnerability in the Certificate-delete Function",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2023-34217",
"datePublished": "2023-08-17T06:48:38.770Z",
"dateReserved": "2023-05-31T08:58:06.149Z",
"dateUpdated": "2024-10-02T19:58:00.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-34216
Vulnerability from cvelistv5
Published
2023-08-17 06:41
Modified
2024-10-08 14:10
Severity ?
EPSS score ?
Summary
Second Order Command-injection Vulnerability in the Key-delete Function
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:01:54.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34216",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T14:06:50.997727Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T14:10:45.108Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TN-5900 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TN-4900 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.2.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G902 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.7.17",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G903 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.7.15",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G9010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "2.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NAT-102 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.0.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability derives from insufficient input validation in the key-delete function, which could potentially allow malicious users to delete arbitrary files. "
}
],
"value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability derives from insufficient input validation in the key-delete function, which could potentially allow malicious users to delete arbitrary files. "
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T07:07:09.507Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cli\u003eTN-4900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/li\u003e\u003cli\u003eTN-5900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.4 or higher.\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G902 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series?#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G903 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G9010 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNAT-102 Series: Please upgrade to firmware \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/nat-102-series#resources\"\u003ev1.0.5 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\n * * TN-4900 Series: Please upgrade to firmware v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \n * TN-5900 Series: Please upgrade to firmware v3.4 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \u00a0\n * EDR-G902 Series: Please upgrade to firmware v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series \n * EDR-G903 Series: Please upgrade to firmware v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources \n * EDR-G9010 Series: Please upgrade to firmware v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources \n * NAT-102 Series: Please upgrade to firmware v1.0.5 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/nat-102-series#resources \n\n\n\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Second Order Command-injection Vulnerability in the Key-delete Function",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2023-34216",
"datePublished": "2023-08-17T06:41:41.568Z",
"dateReserved": "2023-05-31T08:58:06.149Z",
"dateUpdated": "2024-10-08T14:10:45.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-33237
Vulnerability from cvelistv5
Published
2023-08-17 01:50
Modified
2024-10-28 06:01
Severity ?
EPSS score ?
Summary
Authentication Bypass Without Administrator Privilege
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Moxa | TN-5900 Series |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:39:35.732Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tn-5900",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33237",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T18:10:14.937858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T18:11:57.333Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TN-5900 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eTN-5900 Series firmware\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eversion v3.3 and prior is vulnerable to improper\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e-\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eauthentication vulnerability. This vulnerability arises from inadequate authentication measures implemented in the web API handler, allowing low-privileged APIs to execute restricted\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eactions that only high-privileged APIs\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eare allowed This presents a potential risk of unauthorized exploitation by malicious actors.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "TN-5900 Series firmware version v3.3 and prior is vulnerable to improper-authentication vulnerability. This vulnerability arises from inadequate authentication measures implemented in the web API handler, allowing low-privileged APIs to execute restricted actions that only high-privileged APIs are allowed This presents a potential risk of unauthorized exploitation by malicious actors."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T06:01:08.088Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\u003cbr\u003e\u003cul\u003e\u003cli\u003eTN-5900 Series: Please upgrade to firmware v3.4 or higher.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\n * TN-5900 Series: Please upgrade to firmware v3.4 or higher."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Authentication Bypass Without Administrator Privilege",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2023-33237",
"datePublished": "2023-08-17T01:50:53.625Z",
"dateReserved": "2023-05-19T02:30:16.483Z",
"dateUpdated": "2024-10-28T06:01:08.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-34214
Vulnerability from cvelistv5
Published
2023-08-17 02:26
Modified
2024-10-28 06:07
Severity ?
EPSS score ?
Summary
Second Order Command-injection Vulnerability in the Certificate-generation Function
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:01:54.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "tn-5900",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:moxa:tn-4900:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tn-4900",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "1.2.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edr-810",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "5.12.27",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:moxa:edr-g902:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edr-g902",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "5.7.17",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:moxa:edr-g903:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edr-g903",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "5.7.15",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34214",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T17:30:32.666754Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T17:37:23.351Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TN-5900 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TN-4900 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.2.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-810 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.12.27",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G902 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.7.17",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G903 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.7.15",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices."
}
],
"value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T06:07:21.645Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cli\u003eTN-4900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/li\u003e\u003cli\u003eTN-5900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.4 or higher.\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-810 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources\"\u003ev5.12.29 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G902 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series?#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G903 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\n * * TN-4900 Series: Please upgrade to firmware v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \n * TN-5900 Series: Please upgrade to firmware v3.4 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \u00a0\n * EDR-810 Series: Please upgrade to firmware v5.12.29 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources \n * EDR-G902 Series: Please upgrade to firmware v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series \n * EDR-G903 Series: Please upgrade to firmware v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Second Order Command-injection Vulnerability in the Certificate-generation Function",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2023-34214",
"datePublished": "2023-08-17T02:26:05.428Z",
"dateReserved": "2023-05-31T08:58:06.149Z",
"dateUpdated": "2024-10-28T06:07:21.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.