{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-4739", "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "state": "PUBLISHED", "assignerShortName": "Moxa", "dateReserved": "2024-05-10T09:05:34.287Z", "datePublished": "2024-10-18T08:11:04.908Z", "dateUpdated": "2024-10-18T14:40:34.104Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "MXsecurity Series", "vendor": "Moxa", "versions": [{"lessThanOrEqual": "1.1.0", "status": "affected", "version": "1.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Sean Cai"}, {"lang": "en", "type": "finder", "value": "Chris Huang"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. By acquiring a valid authenticator, an attacker can pose as an authorized user and successfully access the resource."}], "value": "The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. 
By acquiring a valid authenticator, an attacker can pose as an authorized user and successfully access the resource."}], "impacts": [{"capecId": "CAPEC-36", "descriptions": [{"lang": "en", "value": "CAPEC-36: Using Unpublished Interfaces or Functionality"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-749", "description": "CWE-749: Exposed Dangerous Method or Function", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "shortName": "Moxa", "dateUpdated": "2024-10-18T08:11:04.908Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-231878-mxsecurity-series-multiple-vulnerabilities"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Moxa has developed an appropriate solution to address the vulnerability. The solution for the affected product is shown below.</p><ul><li><p>MXsecurity: Please Upgrade to the firmware version 2.2.0 or higher via the <a target=\"_blank\" rel=\"nofollow\" href=\"https://netsecuritylicense.moxa.com/Account/Login\">Moxa Software Licensing Portal</a></p></li></ul>"}], "value": "Moxa has developed an appropriate solution to address the vulnerability. 
The solution for the affected product is shown below.\n\n * MXsecurity: Please Upgrade to the firmware version 2.2.0 or higher via the Moxa Software Licensing Portal https://netsecuritylicense.moxa.com/Account/Login"}], "source": {"discovery": "EXTERNAL"}, "title": "MXsecurity License Generation Function Disclosure", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div><ul><li><p>Minimize network exposure to ensure the device is not accessible from the Internet. </p></li></ul></div><div><ul><li><p>When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). </p></li></ul></div><div><ul><li><p>The starting point of all the above vulnerabilities is the web service, so it is suggested to temporarily disable the web service once you have completed configuration, to prevent further damage from these vulnerabilities until the patch or updated firmware is installed.\u202f </p></li></ul></div>"}], "value": "* Minimize network exposure to ensure the device is not accessible from the Internet. \n\n\n\n\n\n\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). 
\n\n\n\n\n\n\n * The starting point of all the above vulnerabilities is the web service, so it is suggested to temporarily disable the web service once you have completed configuration, to prevent further damage from these vulnerabilities until the patch or updated firmware is installed."}], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "moxa", "product": "mxsecurity", "cpes": ["cpe:2.3:a:moxa:mxsecurity:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "1.0", "status": "affected", "lessThanOrEqual": "1.1.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-18T14:39:37.302578Z", "id": "CVE-2024-4739", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-18T14:40:34.104Z"}}]}}