CVE-2024-4740

Summary

MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. This vulnerability could allow an attacker to tamper with sensitive data.

Affected Software

VendorProductVersion RangeStatus
MoxaMXsecurity Series1.0 <= 1.1.0affected

Weaknesses

  • CWE-798: CWE-798: Use of Hard-coded Credentials

Workarounds

  • Minimize network exposure to ensure the device is not accessible from the Internet.

  • When remote access is required, use secure methods, such as Virtual Private Networks (VPNs).

  • The starting point of all the above vulnerabilities is from the web service, so it is suggested to disable web service temporarily if you completed configuration to prevent further damages from these vulnerabilities until installed patch or updated firmware.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References