{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-4740", "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "state": "PUBLISHED", "assignerShortName": "Moxa", "dateReserved": "2024-05-10T09:05:35.936Z", "datePublished": "2024-10-18T08:21:15.659Z", "dateUpdated": "2024-10-18T14:38:21.017Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "MXsecurity Series", "vendor": "Moxa", "versions": [{"lessThanOrEqual": "1.1.0", "status": "affected", "version": "1.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Sean Cai"}, {"lang": "en", "type": "finder", "value": "Chris Huang"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. This vulnerability could allow an attacker to tamper with sensitive data."}], "value": "MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. 
This vulnerability could allow an attacker to tamper with sensitive data."}], "impacts": [{"capecId": "CAPEC-191", "descriptions": [{"lang": "en", "value": "CAPEC-191: Read Sensitive Constants Within an Executable"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-798", "description": "CWE-798: Use of Hard-coded Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "shortName": "Moxa", "dateUpdated": "2024-10-18T08:21:15.659Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-231878-mxsecurity-series-multiple-vulnerabilities"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Moxa has developed an appropriate solution to address the vulnerability. The solution for the affected product is shown below.</p><ul><li><p>MXsecurity: Please upgrade to the firmware version 2.2.0 or higher via the <a target=\"_blank\" rel=\"nofollow\" href=\"https://netsecuritylicense.moxa.com/Account/Login\">Moxa Software Licensing Portal</a> </p></li></ul>"}], "value": "Moxa has developed an appropriate solution to address the vulnerability. 
The solution for the affected product is shown below.\n\n * MXsecurity: Please upgrade to the firmware version 2.2.0 or higher via the Moxa Software Licensing Portal https://netsecuritylicense.moxa.com/Account/Login"}], "source": {"discovery": "EXTERNAL"}, "title": "MXsecurity Use of Hard-coded Credentials", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div><ul><li><p>Minimize network exposure to ensure the device is not accessible from the Internet. </p></li></ul></div><div><ul><li><p>When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). </p></li></ul></div><div><ul><li><p>The starting point of all the above vulnerabilities is the web service, so it is suggested that you temporarily disable the web service once you have completed configuration, to prevent further damage from these vulnerabilities until the patch or updated firmware is installed.\u202f </p></li></ul></div>"}], "value": "* Minimize network exposure to ensure the device is not accessible from the Internet. \n\n\n\n\n\n\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). 
\n\n\n\n\n\n\n * The starting point of all the above vulnerabilities is the web service, so it is suggested that you temporarily disable the web service once you have completed configuration, to prevent further damage from these vulnerabilities until the patch or updated firmware is installed."}], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "moxa", "product": "mxsecurity", "cpes": ["cpe:2.3:a:moxa:mxsecurity:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "1.0", "status": "affected", "lessThanOrEqual": "1.1.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-18T14:36:04.335600Z", "id": "CVE-2024-4740", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-18T14:38:21.017Z"}}]}}