Ics-cert Moxa Iks, Eds
9 CVEs affecting Ics-cert Moxa Iks, Eds. Latest disclosed: 2019-03-05. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2019-6565 | | 2019-03-05 | Moxa IKS and EDS fails to properly validate user input, giving unauthenticated and authenticated attackers the ability to perform XSS attacks, which may be use… | |
CVE-2019-6563 | | 2019-03-05 | Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator's password, which could lead to a… | |
CVE-2019-6561 | | 2019-03-05 | Cross-site request forgery has been identified in Moxa IKS and EDS, which may allow for the execution of unauthorized actions on the device. | |
CVE-2019-6559 | | 2019-03-05 | Moxa IKS and EDS allow remote authenticated users to cause a denial of service via a specially crafted packet, which may cause the switch to crash. | |
CVE-2019-6557 | | 2019-03-05 | Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow remote code execution. | |
CVE-2019-6524 | | 2019-03-05 | Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via… | |
CVE-2019-6522 | | 2019-03-05 | Moxa IKS and EDS fails to properly check array bounds which may allow an attacker to read device memory on arbitrary addresses, and may allow an attacker to re… | |
CVE-2019-6520 | | 2019-03-05 | Moxa IKS and EDS does not properly check authority on server side, which results in a read-only user being able to perform arbitrary configuration changes. | |
CVE-2019-6518 | | 2019-03-05 | Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by someone with access to the device. |