|
199551
|
7.5 |
HIGH
Network
|
moxa
|
eds-g516e_firmware
eds-510e_firmware
|
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-7001
|
2024-11-21 14:36 |
2020-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199552
|
7.5 |
HIGH
Network
|
moxa
|
eds-g516e_firmware
eds-510e_firmware
|
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, sensitive information is transmitted over some web applications in cleartext.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-6997
|
2024-11-21 14:36 |
2020-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199553
|
9.8 |
CRITICAL
Network
|
moxa
|
eds-g516e_firmware
eds-510e_firmware
|
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak password requirements may allow an attacker to gain access using brute force.
|
CWE-521
Weak Password Requirements
|
CVE-2020-6991
|
2024-11-21 14:36 |
2020-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199554
|
8.8 |
HIGH
Adjacent
|
honeywell
|
win-pak
|
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the header injection vulnerability has been identified, which may allow remote code execution.
|
CWE-74
Injection
|
CVE-2020-6982
|
2024-11-21 14:36 |
2020-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199555
|
9.8 |
CRITICAL
Network
|
moxa
|
eds-g516e_firmware
eds-510e_firmware
|
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, an attacker may gain access to the system without proper authentication.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-6981
|
2024-11-21 14:36 |
2020-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199556
|
7.5 |
HIGH
Network
|
moxa
|
eds-g516e_firmware
eds-510e_firmware
|
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a hard-coded cryptographic key, increasing the possibility that confidential data can be recovered.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-6979
|
2024-11-21 14:36 |
2020-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199557
|
7.2 |
HIGH
Network
|
honeywell
|
win-pak
|
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable due to the usage of old jQuery libraries.
|
NVD-CWE-Other
|
CVE-2020-6978
|
2024-11-21 14:36 |
2020-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199558
|
8.8 |
HIGH
Network
|
honeywell
|
win-pak
|
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable to a cross-site request forgery, which may allow an attacker to remotely execute arbitrary code.
|
CWE-352
Origin Validation Error
|
CVE-2020-7005
|
2024-11-21 14:36 |
2020-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199559
|
9.8 |
CRITICAL
Network
|
moxa
|
pt-7528-24tx-hv_firmware
pt-7528-24tx-hv-hv_firmware
pt-7528-24tx-wv_firmware
pt-7528-24tx-wv-hv_firmware
pt-7528-24tx-wv-wv_firmware
pt-7528-12msc-12tx-4gsfp-hv_firmware
pt-7528-12…
|
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the application utilizes weak password requirements, which may allow an attacker to gain unau…
|
CWE-521
Weak Password Requirements
|
CVE-2020-6995
|
2024-11-21 14:36 |
2020-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199560
|
7.5 |
HIGH
Network
|
moxa
|
pt-7528-24tx-hv_firmware
pt-7528-24tx-hv-hv_firmware
pt-7528-24tx-wv_firmware
pt-7528-24tx-wv-hv_firmware
pt-7528-24tx-wv-wv_firmware
pt-7528-12msc-12tx-4gsfp-hv_firmware
pt-7528-12…
|
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, an attacker can gain access to sensitive information from the web service without authorizati…
|
CWE-200
Information Exposure
|
CVE-2020-6993
|
2024-11-21 14:36 |
2020-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
