CVE-2023-34214 - Vulnerability Details

Vendors	Products
Moxa	Edr-810 Edr-g902 Edr-g903 Tn-4900 Tn-4900 Firmware Tn-5900 Tn-5900 Firmware

Link	Providers
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities

Type	Values Removed	Values Added
Description	TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices.	TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices.
Weaknesses		CWE-78

Type	Values Removed	Values Added
First Time appeared		Moxa edr-810 Moxa edr-g902 Moxa edr-g903
CPEs		cpe:2.3:h:moxa:edr-810:-:::::::* cpe:2.3:h:moxa:edr-g902:-:::::::* cpe:2.3:h:moxa:edr-g903:-:::::::*
Vendors & Products		Moxa edr-810 Moxa edr-g902 Moxa edr-g903
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-34214", "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "state": "PUBLISHED", "assignerShortName": "Moxa", "dateReserved": "2023-05-31T08:58:06.149Z", "datePublished": "2023-08-17T02:26:05.428Z", "dateUpdated": "2024-10-28T06:07:21.645Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "TN-5900 Series", "vendor": "Moxa", "versions": [{"lessThanOrEqual": "3.3", "status": "affected", "version": "1.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "TN-4900 Series", "vendor": "Moxa", "versions": [{"lessThanOrEqual": "1.2.4", "status": "affected", "version": "1.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "EDR-810 Series", "vendor": "Moxa", "versions": [{"lessThanOrEqual": "5.12.27", "status": "affected", "version": "1.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "EDR-G902 Series", "vendor": "Moxa", "versions": [{"lessThanOrEqual": "5.7.17", "status": "affected", "version": "1.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "EDR-G903 Series", "vendor": "Moxa", "versions": [{"lessThanOrEqual": "5.7.15", "status": "affected", "version": "1.0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices."}], "value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices."}], "impacts": [{"capecId": "CAPEC-248", "descriptions": [{"lang": "en", "value": "CAPEC-248 Command Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "shortName": "Moxa", "dateUpdated": "2024-10-28T06:07:21.645Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:<br><ul><li><li>TN-4900 Series: <span style=\"background-color: rgb(255, 255, 255);\">Please upgrade to firmware </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\">v3.0 or higher.</a></li><li>TN-5900 Series: <span style=\"background-color: rgb(255, 255, 255);\">Please upgrade to firmware </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\">v3.4 or higher.</a><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;</span></li><li><span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">EDR-810 Series: <span style=\"background-color: rgb(255, 255, 255);\">Please upgrade to firmware </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources\">v5.12.29 or higher.</a></span></span></li><li><span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">EDR-G902 Series: <span style=\"background-color: rgb(255, 255, 255);\">Please upgrade to firmware </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series?#resources\">v5.7.21 or higher.</a></span></span></span></li><li><span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">EDR-G903 Series: <span style=\"background-color: rgb(255, 255, 255);\">Please upgrade to firmware </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources\">v5.7.21 or higher.</a></span></span></span></span></li></li></ul>"}], "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\n  *    *  TN-4900 Series: Please upgrade to firmware  v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \n  *  TN-5900 Series: Please upgrade to firmware  v3.4 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \u00a0\n  *  EDR-810 Series: Please upgrade to firmware  v5.12.29 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources \n  *  EDR-G902 Series: Please upgrade to firmware  v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series \n  *  EDR-G903 Series: Please upgrade to firmware  v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources"}], "source": {"discovery": "EXTERNAL"}, "title": "Second Order Command-injection Vulnerability in the Certificate-generation Function", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:01:54.270Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"}]}, {"affected": [{"vendor": "moxa", "product": "tn-5900", "cpes": ["cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "1.0", "status": "affected", "lessThanOrEqual": "3.3", "versionType": "custom"}]}, {"vendor": "moxa", "product": "tn-4900", "cpes": ["cpe:2.3:h:moxa:tn-4900:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.0", "status": "affected", "lessThanOrEqual": "1.2.4", "versionType": "custom"}]}, {"vendor": "moxa", "product": "edr-810", "cpes": ["cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.0", "status": "affected", "lessThanOrEqual": "5.12.27", "versionType": "custom"}]}, {"vendor": "moxa", "product": "edr-g902", "cpes": ["cpe:2.3:h:moxa:edr-g902:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.0", "status": "affected", "lessThanOrEqual": "5.7.17", "versionType": "custom"}]}, {"vendor": "moxa", "product": "edr-g903", "cpes": ["cpe:2.3:h:moxa:edr-g903:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.0", "status": "affected", "lessThanOrEqual": "5.7.15", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-08T17:30:32.666754Z", "id": "CVE-2023-34214", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-08T17:37:23.351Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2023-34214 (string)

assignerOrgId : 2e0a0ee2-d866-482a-9f5e-ac03d156dbaa (string)

state : PUBLISHED (string)

assignerShortName : Moxa (string)

dateReserved : 2023-05-31T08:58:06.149Z (string)

datePublished : 2023-08-17T02:26:05.428Z (string)

dateUpdated : 2024-10-28T06:07:21.645Z (string)

}

containers : { »

cna : { »

affected : [ »

0 : { »

defaultStatus : unaffected (string)

product : TN-5900 Series (string)

vendor : Moxa (string)

versions : [ »

0 : { »

lessThanOrEqual : 3.3 (string)

status : affected (string)

version : 1.0 (string)

versionType : custom (string)

}

]

}

1 : { »

defaultStatus : unaffected (string)

product : TN-4900 Series (string)

vendor : Moxa (string)

versions : [ »

0 : { »

lessThanOrEqual : 1.2.4 (string)

status : affected (string)

version : 1.0 (string)

versionType : custom (string)

}

]

}

2 : { »

defaultStatus : unaffected (string)

product : EDR-810 Series (string)

vendor : Moxa (string)

versions : [ »

0 : { »

lessThanOrEqual : 5.12.27 (string)

status : affected (string)

version : 1.0 (string)

versionType : custom (string)

}

]

}

3 : { »

defaultStatus : unaffected (string)

product : EDR-G902 Series (string)

vendor : Moxa (string)

versions : [ »

0 : { »

lessThanOrEqual : 5.7.17 (string)

status : affected (string)

version : 1.0 (string)

versionType : custom (string)

}

]

}

4 : { »

defaultStatus : unaffected (string)

product : EDR-G903 Series (string)

vendor : Moxa (string)

versions : [ »

0 : { »

lessThanOrEqual : 5.7.15 (string)

status : affected (string)

version : 1.0 (string)

versionType : custom (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

supportingMedia : [ »

0 : { »

base64 : false (boolean)

type : text/html (string)

value : TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices. (string)

}

]

value : TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices. (string)

}

]

impacts : [ »

0 : { »

capecId : CAPEC-248 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : CAPEC-248 Command Injection (string)

}

]

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7.2 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

format : CVSS (string)

scenarios : [ »

0 : { »

lang : en (string)

value : GENERAL (string)

}

]

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-78 (string)

description : CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

orgId : 2e0a0ee2-d866-482a-9f5e-ac03d156dbaa (string)

shortName : Moxa (string)

dateUpdated : 2024-10-28T06:07:21.645Z (string)

}

references : [ »

0 : { »

tags : [ »

0 : vendor-advisory (string)

]

url : https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities (string)

}

]

solutions : [ »

0 : { »

lang : en (string)

supportingMedia : [ »

0 : { »

base64 : false (boolean)

type : text/html (string)

value : Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below: <ul><li><li>TN-4900 Series: Please upgrade to firmware <a target="_blank" rel="nofollow" href="https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources">v3.0 or higher.</a></li><li>TN-5900 Series: Please upgrade to firmware <a target="_blank" rel="nofollow" href="https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources">v3.4 or higher.</a> </li><li>EDR-810 Series: Please upgrade to firmware <a target="_blank" rel="nofollow" href="https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources">v5.12.29 or higher.</a></li><li>EDR-G902 Series: Please upgrade to firmware <a target="_blank" rel="nofollow" href="https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series?#resources">v5.7.21 or higher.</a></li><li>EDR-G903 Series: Please upgrade to firmware <a target="_blank" rel="nofollow" href="https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources">v5.7.21 or higher.</a></li></li></ul> (string)

}

]

value : Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below: * * TN-4900 Series: Please upgrade to firmware v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources * TN-5900 Series: Please upgrade to firmware v3.4 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources * EDR-810 Series: Please upgrade to firmware v5.12.29 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources * EDR-G902 Series: Please upgrade to firmware v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series * EDR-G903 Series: Please upgrade to firmware v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources (string)

}

]

source : { »

discovery : EXTERNAL (string)

}

title : Second Order Command-injection Vulnerability in the Certificate-generation Function (string)

x_generator : { »

engine : Vulnogram 0.1.0-dev (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T16:01:54.270Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : vendor-advisory (string)

1 : x_transferred (string)

]

url : https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities (string)

}

]

}

1 : { »

affected : [ »

0 : { »

vendor : moxa (string)

product : tn-5900 (string)

cpes : [ »

0 : cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:* (string)

]

defaultStatus : unaffected (string)

versions : [ »

0 : { »

version : 1.0 (string)

status : affected (string)

lessThanOrEqual : 3.3 (string)

versionType : custom (string)

}

]

}

1 : { »

vendor : moxa (string)

product : tn-4900 (string)

cpes : [ »

0 : cpe:2.3:h:moxa:tn-4900:-:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 1.0 (string)

status : affected (string)

lessThanOrEqual : 1.2.4 (string)

versionType : custom (string)

}

]

}

2 : { »

vendor : moxa (string)

product : edr-810 (string)

cpes : [ »

0 : cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 1.0 (string)

status : affected (string)

lessThanOrEqual : 5.12.27 (string)

versionType : custom (string)

}

]

}

3 : { »

vendor : moxa (string)

product : edr-g902 (string)

cpes : [ »

0 : cpe:2.3:h:moxa:edr-g902:-:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 1.0 (string)

status : affected (string)

lessThanOrEqual : 5.7.17 (string)

versionType : custom (string)

}

]

}

4 : { »

vendor : moxa (string)

product : edr-g903 (string)

cpes : [ »

0 : cpe:2.3:h:moxa:edr-g903:-:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 1.0 (string)

status : affected (string)

lessThanOrEqual : 5.7.15 (string)

versionType : custom (string)

}

]

}

]

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2024-10-08T17:30:32.666754Z (string)

id : CVE-2023-34214 (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : total (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-10-08T17:37:23.351Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:01:54.270Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-34214", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-08T17:30:32.666754Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*"], "vendor": "moxa", "product": "tn-5900", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom", "lessThanOrEqual": "3.3"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:h:moxa:tn-4900:-:*:*:*:*:*:*:*"], "vendor": "moxa", "product": "tn-4900", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom", "lessThanOrEqual": "1.2.4"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*"], "vendor": "moxa", "product": "edr-810", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom", "lessThanOrEqual": "5.12.27"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:moxa:edr-g902:-:*:*:*:*:*:*:*"], "vendor": "moxa", "product": "edr-g902", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom", "lessThanOrEqual": "5.7.17"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:moxa:edr-g903:-:*:*:*:*:*:*:*"], "vendor": "moxa", "product": "edr-g903", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom", "lessThanOrEqual": "5.7.15"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-08T17:37:05.891Z"}}], "cna": {"title": "Second Order Command-injection Vulnerability in the Certificate-generation Function", "source": {"discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-248", "descriptions": [{"lang": "en", "value": "CAPEC-248 Command Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Moxa", "product": "TN-5900 Series", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom", "lessThanOrEqual": "3.3"}], "defaultStatus": "unaffected"}, {"vendor": "Moxa", "product": "TN-4900 Series", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom", "lessThanOrEqual": "1.2.4"}], "defaultStatus": "unaffected"}, {"vendor": "Moxa", "product": "EDR-810 Series", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom", "lessThanOrEqual": "5.12.27"}], "defaultStatus": "unaffected"}, {"vendor": "Moxa", "product": "EDR-G902 Series", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom", "lessThanOrEqual": "5.7.17"}], "defaultStatus": "unaffected"}, {"vendor": "Moxa", "product": "EDR-G903 Series", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom", "lessThanOrEqual": "5.7.15"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\n  *    *  TN-4900 Series: Please upgrade to firmware  v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \n  *  TN-5900 Series: Please upgrade to firmware  v3.4 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \u00a0\n  *  EDR-810 Series: Please upgrade to firmware  v5.12.29 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources \n  *  EDR-G902 Series: Please upgrade to firmware  v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series \n  *  EDR-G903 Series: Please upgrade to firmware  v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources", "supportingMedia": [{"type": "text/html", "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:<br><ul><li><li>TN-4900 Series: <span style=\"background-color: rgb(255, 255, 255);\">Please upgrade to firmware </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\">v3.0 or higher.</a></li><li>TN-5900 Series: <span style=\"background-color: rgb(255, 255, 255);\">Please upgrade to firmware </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\">v3.4 or higher.</a><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;</span></li><li><span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">EDR-810 Series: <span style=\"background-color: rgb(255, 255, 255);\">Please upgrade to firmware </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources\">v5.12.29 or higher.</a></span></span></li><li><span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">EDR-G902 Series: <span style=\"background-color: rgb(255, 255, 255);\">Please upgrade to firmware </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series?#resources\">v5.7.21 or higher.</a></span></span></span></li><li><span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">EDR-G903 Series: <span style=\"background-color: rgb(255, 255, 255);\">Please upgrade to firmware </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources\">v5.7.21 or higher.</a></span></span></span></span></li></li></ul>", "base64": false}]}], "references": [{"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices.", "supportingMedia": [{"type": "text/html", "value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "shortName": "Moxa", "dateUpdated": "2024-10-28T06:07:21.645Z"}}}, "cveMetadata": {"cveId": "CVE-2023-34214", "state": "PUBLISHED", "dateUpdated": "2024-10-28T06:07:21.645Z", "dateReserved": "2023-05-31T08:58:06.149Z", "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "datePublished": "2023-08-17T02:26:05.428Z", "assignerShortName": "Moxa"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T16:01:54.270Z (string)

}

1 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2023-34214 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : total (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-10-08T17:30:32.666754Z (string)

}

]

affected : [ »

0 : { »

cpes : [ »

0 : cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:* (string)

]

vendor : moxa (string)

product : tn-5900 (string)

versions : [ »

0 : { »

status : affected (string)

version : 1.0 (string)

versionType : custom (string)

lessThanOrEqual : 3.3 (string)

}

]

defaultStatus : unaffected (string)

}

1 : { »

cpes : [ »

0 : cpe:2.3:h:moxa:tn-4900:-:*:*:*:*:*:*:* (string)

]

vendor : moxa (string)

product : tn-4900 (string)

versions : [ »

0 : { »

status : affected (string)

version : 1.0 (string)

versionType : custom (string)

lessThanOrEqual : 1.2.4 (string)

}

]

defaultStatus : unknown (string)

}

2 : { »

cpes : [ »

0 : cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:* (string)

]

vendor : moxa (string)

product : edr-810 (string)

versions : [ »

0 : { »

status : affected (string)

version : 1.0 (string)

versionType : custom (string)

lessThanOrEqual : 5.12.27 (string)

}

]

defaultStatus : unknown (string)

}

3 : { »

cpes : [ »

0 : cpe:2.3:h:moxa:edr-g902:-:*:*:*:*:*:*:* (string)

]

vendor : moxa (string)

product : edr-g902 (string)

versions : [ »

0 : { »

status : affected (string)

version : 1.0 (string)

versionType : custom (string)

lessThanOrEqual : 5.7.17 (string)

}

]

defaultStatus : unknown (string)

}

4 : { »

cpes : [ »

0 : cpe:2.3:h:moxa:edr-g903:-:*:*:*:*:*:*:* (string)

]

vendor : moxa (string)

product : edr-g903 (string)

versions : [ »

0 : { »

status : affected (string)

version : 1.0 (string)

versionType : custom (string)

lessThanOrEqual : 5.7.15 (string)

}

]

defaultStatus : unknown (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-10-08T17:37:05.891Z (string)

}

]

cna : { »

title : Second Order Command-injection Vulnerability in the Certificate-generation Function (string)

source : { »

discovery : EXTERNAL (string)

}

impacts : [ »

0 : { »

capecId : CAPEC-248 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : CAPEC-248 Command Injection (string)

}

]

}

]

metrics : [ »

0 : { »

format : CVSS (string)

cvssV3_1 : { »

scope : UNCHANGED (string)

version : 3.1 (string)

baseScore : 7.2 (number)

attackVector : NETWORK (string)

baseSeverity : HIGH (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (string)

integrityImpact : HIGH (string)

userInteraction : NONE (string)

attackComplexity : LOW (string)

availabilityImpact : HIGH (string)

privilegesRequired : HIGH (string)

confidentialityImpact : HIGH (string)

}

scenarios : [ »

0 : { »

lang : en (string)

value : GENERAL (string)

}

]

}

]

affected : [ »

0 : { »

vendor : Moxa (string)

product : TN-5900 Series (string)

versions : [ »

0 : { »

status : affected (string)

version : 1.0 (string)

versionType : custom (string)

lessThanOrEqual : 3.3 (string)

}

]

defaultStatus : unaffected (string)

}

1 : { »

vendor : Moxa (string)

product : TN-4900 Series (string)

versions : [ »

0 : { »

status : affected (string)

version : 1.0 (string)

versionType : custom (string)

lessThanOrEqual : 1.2.4 (string)

}

]

defaultStatus : unaffected (string)

}

2 : { »

vendor : Moxa (string)

product : EDR-810 Series (string)

versions : [ »

0 : { »

status : affected (string)

version : 1.0 (string)

versionType : custom (string)

lessThanOrEqual : 5.12.27 (string)

}

]

defaultStatus : unaffected (string)

}

3 : { »

vendor : Moxa (string)

product : EDR-G902 Series (string)

versions : [ »

0 : { »

status : affected (string)

version : 1.0 (string)

versionType : custom (string)

lessThanOrEqual : 5.7.17 (string)

}

]

defaultStatus : unaffected (string)

}

4 : { »

vendor : Moxa (string)

product : EDR-G903 Series (string)

versions : [ »

0 : { »

status : affected (string)

version : 1.0 (string)

versionType : custom (string)

lessThanOrEqual : 5.7.15 (string)

}

]

defaultStatus : unaffected (string)

}

]

solutions : [ »

0 : { »

lang : en (string)

value : Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below: * * TN-4900 Series: Please upgrade to firmware v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources * TN-5900 Series: Please upgrade to firmware v3.4 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources * EDR-810 Series: Please upgrade to firmware v5.12.29 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources * EDR-G902 Series: Please upgrade to firmware v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series * EDR-G903 Series: Please upgrade to firmware v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources (string)

supportingMedia : [ »

0 : { »

type : text/html (string)

value : Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below: <ul><li><li>TN-4900 Series: Please upgrade to firmware <a target="_blank" rel="nofollow" href="https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources">v3.0 or higher.</a></li><li>TN-5900 Series: Please upgrade to firmware <a target="_blank" rel="nofollow" href="https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources">v3.4 or higher.</a> </li><li>EDR-810 Series: Please upgrade to firmware <a target="_blank" rel="nofollow" href="https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources">v5.12.29 or higher.</a></li><li>EDR-G902 Series: Please upgrade to firmware <a target="_blank" rel="nofollow" href="https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series?#resources">v5.7.21 or higher.</a></li><li>EDR-G903 Series: Please upgrade to firmware <a target="_blank" rel="nofollow" href="https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources">v5.7.21 or higher.</a></li></li></ul> (string)

base64 : false (boolean)

}

]

}

]

references : [ »

0 : { »

url : https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities (string)

tags : [ »

0 : vendor-advisory (string)

]

}

]

x_generator : { »

engine : Vulnogram 0.1.0-dev (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices. (string)

supportingMedia : [ »

0 : { »

type : text/html (string)

value : TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices. (string)

base64 : false (boolean)

}

]

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

cweId : CWE-78 (string)

description : CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (string)

}

]

}

]

providerMetadata : { »

orgId : 2e0a0ee2-d866-482a-9f5e-ac03d156dbaa (string)

shortName : Moxa (string)

dateUpdated : 2024-10-28T06:07:21.645Z (string)

}

cveMetadata : { »

cveId : CVE-2023-34214 (string)

state : PUBLISHED (string)

dateUpdated : 2024-10-28T06:07:21.645Z (string)

dateReserved : 2023-05-31T08:58:06.149Z (string)

assignerOrgId : 2e0a0ee2-d866-482a-9f5e-ac03d156dbaa (string)

datePublished : 2023-08-17T02:26:05.428Z (string)

assignerShortName : Moxa (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:tn-5900_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "ABA65A45-A850-440B-8B4B-191D46059E71", "versionEndIncluding": "3.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*", "matchCriteriaId": "7D1E9F45-0ED4-4223-BC9B-D2E01A583DCA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:tn-4900_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "442E0C68-A369-4079-86CC-0E63408C48E7", "versionEndIncluding": "1.2.4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:tn-4900:-:*:*:*:*:*:*:*", "matchCriteriaId": "56CD9ADD-E963-42F4-A2E5-175A0D2EE8D0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices."}], "id": "CVE-2023-34214", "lastModified": "2024-11-21T08:06:47.010", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "psirt@moxa.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-17T03:15:09.747", "references": [{"source": "psirt@moxa.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"}], "sourceIdentifier": "psirt@moxa.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "psirt@moxa.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:moxa:tn-5900_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : ABA65A45-A850-440B-8B4B-191D46059E71 (string)

versionEndIncluding : 3.3 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 7D1E9F45-0ED4-4223-BC9B-D2E01A583DCA (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:moxa:tn-4900_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 442E0C68-A369-4079-86CC-0E63408C48E7 (string)

versionEndIncluding : 1.2.4 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:moxa:tn-4900:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 56CD9ADD-E963-42F4-A2E5-175A0D2EE8D0 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices. (string)

}

]

id : CVE-2023-34214 (string)

lastModified : 2024-11-21T08:06:47.010 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7.2 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.2 (number)

impactScore : 5.9 (number)

source : psirt@moxa.com (string)

type : Secondary (string)

}

1 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9.8 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2023-08-17T03:15:09.747 (string)

references : [ »

0 : { »

source : psirt@moxa.com (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities (string)

}

]

sourceIdentifier : psirt@moxa.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-78 (string)

}

]

source : psirt@moxa.com (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-77 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object