Individual pages: Моха

CVE IDs


Public ICS-CERT Advisories

ABB VSN300 WiFi Logger Card CVE-2017-7920 (CWE-287: Improper Authentication)
ABB VSN300 WiFi Logger Card CVE-2017-7916 (CWE-264: Permissions, Privileges, and Access Controls)
Newport XPS-Cx, XPS-Qx CVE-2017-7919 (CWE-287: Improper Authentication)
Moxa (OnCell) CVE-2017-7915 (CWE-307: Improper Restriction of Excessive Authentication Attempts)
Moxa (OnCell) CVE-2017-7913 (CWE-256: Plaintext Storage of a Password)
Moxa (OnCell) CVE-2017-7917 (CWE-352: Cross-Site Request Forgery)
Detcon SiteWatch Gateway CVE-2017-6049 (CWE-287: Improper Authentication)
Detcon SiteWatch Gateway CVE-2017-6047 (CWE-256: Plaintext Storage of a Password)
Advantech B+B SmartWorx MESR901 CVE-2017-7909 (CWE-603: Use of Client-Side Authentication)
Siemens RUGGEDCOM ROX I CVE-2017-2686 (CWE-285: Improper Authorization)
Siemens RUGGEDCOM ROX I CVE-2017-2687 (CWE-79: Improper Neutralization of Input During Web Page Generation)
Siemens RUGGEDCOM ROX I CVE-2017-2688 (CWE-352: Cross-Site Request Forgery)
Siemens RUGGEDCOM ROX I CVE-2017-2689 (CWE-285: Improper Authorization)
Eaton xComfort Ethernet Communication Interface CVE-2017-9368 (CWE-284: Improper Access Control)
Honeywell XL Web II Controller CVE-2017-5139 (CWE-256: Plaintext Storage of a Password)
Honeywell XL Web II Controller CVE-2017-5140 (CWE-522: Insufficiently Protected Credentials)
Honeywell XL Web II Controller CVE-2017-5141 (CWE-384: Session Fixation)
Honeywell XL Web II Controller CVE-2017-5142 (CWE-269: Improper Privilege Management)
Honeywell XL Web II Controller CVE-2017-5143 (CWE-23: Relative Path Traversal)
Eaton ePDU CVE-2016-9357 (CWE-22: Improper Limitation of a Pathname to a Restricted Directory)
WAGO Ethernet Web-based Management CVE-2016-9362 (CWE-592: Authentication Bypass Issues)
Sauter NovaWeb Web HMI CVE-2016-5782 (CWE-784: Reliance on Cookies without Validation and Integrity Checking in a Security Decision)
INTERSCHALT maritime systems VDR G4e CVE-2016-9339 (CWE-22: Improper Limitation of a Pathname to a Restricted Directory)
Moxa (NPort) CVE-2016-9366 (CWE-307: Improper Restriction of Excessive Authentication Attempts)
Moxa (NPort) CVE-2016-9365 (CWE-352: Cross-Site Request Forgery)
Moxa (NPort) CVE-2016-9348 (CWE-256: Plaintext Storage of a Password)
Lynxspring JENEsys BAS Bridge Vulnerabilities CVE-2016-8357 (CWE-264: Permissions, Privileges, and Access Controls)
Lynxspring JENEsys BAS Bridge Vulnerabilities CVE-2016-8361 (CWE-306: Missing Authentication for Critical Function)
Lynxspring JENEsys BAS Bridge Vulnerabilities CVE-2016-8378 (CWE-522: Insufficiently Protected Credentials)
Lynxspring JENEsys BAS Bridge Vulnerabilities CVE-2016-8369 (CWE-352: Cross-Site Request Forgery)
Moxa (Moxa OnCell Security Vulnerabilities) CVE-2016-8363 (CWE-264: Permissions, Privileges, and Access Controls)
Moxa (Moxa OnCell Security Vulnerabilities) CVE-2016-8362 (CWE-287: Improper Authentication)
Moxa (EDR-810 Industrial Secure Router) CVE-2016-8346 (CWE-284: Improper Access Control)
American Auto-Matrix Front-End Solutions CVE-2016-2307 (CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program)
American Auto-Matrix Front-End Solutions CVE-2016-2308 (CWE-256: Plaintext Storage of a Password)
Trane Tracer SC CVE-2016-0870 (CWE-668: Exposure of Resource to Wrong Sphere)
Moxa (OnCell) CVE-2016-5819 (CWE-79: Improper Neutralization of Input During Web Page Generation)
Moxa (OnCell) CVE-2016-5799 (CWE-307: Improper Restriction of Excessive Authentication Attempts)
Moxa (OnCell) CVE-2016-5812 (CWE-256: Plaintext Storage of a Password)
Moxa (MGate) CVE-2016-5804 (CWE-326: Inadequate Encryption Strength)
Moxa (Device Server Web Console) CVE-2016-4503 (CWE-639: Authorization Bypass Through User-Controlled Key)
Rexroth Bosch BLADEcontrol-WebVIS CVE-2016-4507 (CWE-564: SQL Injection)
Rexroth Bosch BLADEcontrol-WebVIS CVE-2016-4508 (CWE-79: Cross-Site Scripting)
KMC Controls Conquest BACnet Router CVE-2016-4494 (CWE-352: Cross-Site Request Forgery)
KMC Controls Conquest BACnet Router CVE-2016-4495 (CWE-306: Missing Authentication for Critical Function)
Environmental Systems Corporation Data Controller CVE-2016-4501 (CWE-287: Improper Authentication)
Environmental Systems Corporation Data Controller CVE-2016-4502 (CWE-264: Permissions, Privileges, and Access Controls)
Resource Data Management Intuitive 650 TDB Controller CVE-2016-4505 (CWE-269: Improper Privilege Escalation)
Resource Data Management Intuitive 650 TDB Controller CVE-2016-4506 (CWE-352: Cross-Site Request Forgery)
Moxa (EDR-G903 Secure Router) CVE-2016-0875 (CWE-284: Improper Access Control)
Moxa (EDR-G903 Secure Router) CVE-2016-0876 (CWE-256: Plaintext Storage of a Password)
Moxa (EDR-G903 Secure Router) CVE-2016-0877 (CWE-401: Improper Release of Memory Before Removing Last Reference)
Moxa (EDR-G903 Secure Router) CVE-2016-0878 (CWE-400: Uncontrolled Resource Consumption)
Moxa (EDR-G903 Secure Router) CVE-2016-0879 (CWE-264: Permissions, Privileges, and Access Controls)
Accuenergy Acuvim II Series CVE-2016-2293 (CWE-592: Authentication Bypass Issues)
Accuenergy Acuvim II Series CVE-2016-2294 (CWE-256: Plaintext Storage of a Password)
Sierra Wireless ACEmanager CVE-2016-6479 (CWE-538: File and Directory Information Exposure)
Eaton Lighting Systems EG2 Web Control CVE-2016-2272 (CWE-565: Reliance on Cookies without Validation and Integrity Checking)
Eaton Lighting Systems EG2 Web Control CVE-2016-0871 (CWE-312: Cleartext Storage of Sensitive Information)
ICONICS WebHMI CVE-2016-2289 (CWE-22: Improper Limitation of a Pathname to a Restricted Directory)
B+B SmartWorx VESP211 CVE-2016-2275 (CWE-603: Use of Client-Side Authentication)
Tollgrade SmartGrid Sensor Management System Software CVE-2016-0863 (CWE-352: Cross-Site Request Forgery)
Tollgrade SmartGrid Sensor Management System Software CVE-2016-0864 (CWE-200: Information Exposure)
Tollgrade SmartGrid Sensor Management System Software CVE-2016-0865 (CWE-522: Insufficiently Protected Credentials)
Tollgrade SmartGrid Sensor Management System Software CVE-2016-0866 (CWE-79: Improper Neutralization of Input During Web Page Generation)
CAREL PlantVisor Enhanced CVE-2015-0867 (CWE-20: Improper Input Validation)
LOYTEC Router CVE-2015-7906 (CWE-200: Information Exposure)
Honeywell Midas Gas Detector CVE-2015-7907 (CWE-22: Improper Limitation of a Pathname to a Restricted Directory)
Honeywell Midas Gas Detector CVE-2015-7908 (CWE-319: Cleartext Transmission of Sensitive Information)
Exemys Web Server (Telemetry Web Server) CVE-2015-7910 (CWE-592: Authentication Bypass Issues)
EasyIO-30P-SF CVE-2015-3974 (CWE-259: Use of Hard-coded Password)
Resource Data Management (Resource Data Management’s Data Manager application) CVE-2015-6470 (CWE-269: Improper Privilege Management)
Resource Data Management (Resource Data Management’s Data Manager application) CVE-2015-6468 (CWE-352: Cross-Site Request Forgery)
IBC Solar ServeMaster CVE-2015-6469 (CWE-200: Information Exposure)
IBC Solar ServeMaster CVE-2015-6474 (CWE-256: Plaintext Storage of a Password)
IBC Solar ServeMaster CVE-2015-6475 (CWE-79: Improper Neutralization of Input During Web Page Generation)
Sinapsi eSolar Light CVE-2015-3949 (CWE-256: Plaintext Storage of a Password)
RLE Nova-Wind Turbine HMI CVE-2015-3951 (CWE-256: Plaintext Storage of a Password)
XZERES 442SR Wind Turbine CVE-2015-0985 (CWE-352: Cross-Site Request Forgery)
XZERES 442SR Wind Turbine CVE-2015-3950 (CWE-352: Cross-Site Request Forgery)


Public CERT Advisories

Chiyu Technology (fingerprint access control device) CVE-2015-2870 (CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page)
Chiyu Technology (fingerprint access control device) CVE-2015-2871 (CWE-288: Authentication Bypass Using an Alternate Path or Channel)
Honeywell (Tuxedo Touch Controller) CVE-2015-2847 (CWE-603: Use of Client-Side Authentication)
Honeywell (Tuxedo Touch Controller) CVE-2015-2848 (CWE-352: Cross-Site Request Forgery)


Cryptocat CVE-2013-4104
Cryptocat CVE-2013-2260
Cryptocat CVE-2013-4107
Cryptocat CVE-2013-4105
PhpMyAdmin CVE-2013-3742 (CWE-79: Cross-Site Scripting)
Piwik CVE-2012-4541 (CWE-79: Cross-Site Scripting)
PhpMyAdmin CVE-2012-5339 (CWE-79: Cross-Site Scripting)
PhpMyAdmin CVE-2011-4634 (CWE-79: Cross-Site Scripting)