CVE-2024-4740
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. This vulnerability could allow an attacker to tamper with sensitive data.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Moxa | MXsecurity Series | 1.0 <= 1.1.0 | affected |
Weaknesses
- CWE-798: CWE-798: Use of Hard-coded Credentials
Workarounds
Minimize network exposure to ensure the device is not accessible from the Internet.
When remote access is required, use secure methods, such as Virtual Private Networks (VPNs).
The starting point of all the above vulnerabilities is from the web service, so it is suggested to disable web service temporarily if you completed configuration to prevent further damages from these vulnerabilities until installed patch or updated firmware.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.