Individual pages: Moxa



Public Advisories 


Public Security Advisories from Vendors

Echelon: ESA-20180823-01 i.LON 600 Authentication Bypass


Public ICS-CERT Advisories

Ice Qube Thermal Management Center
CVE-2017-14026 (CWE-284: Improper Access Control)
Ice Qube Thermal Management Center
CVE-2017-16714 (CWE-256: Unprotected Storage of Credentials)
BeaconMedaes TotalAlert Scroll Medical Air Systems
CVE-2018-7526 (CWE-284: Improper Access Control)
BeaconMedaes TotalAlert Scroll Medical Air Systems
CVE-2018-7518 (CWE-522: Insufficiently Protected Credentials)
BeaconMedaes TotalAlert Scroll Medical Air Systems
CVE-2018-7510 (CWE-256: Unprotected Storage of Credentials)
ABB IP Gateway
CVE-2017-7931 (CWE-287: Improper Authentication)
ABB IP Gateway
CVE-2017-7906 (CWE-352: Cross-Site Request Forgery)
ABB IP Gateway
CVE-2017-7933 (CWE-256: Unprotected Storage of Credentials)
PHOENIX CONTACT FL COMSERVER, FL COM SERVER, and PSI-MODEM/ETH
CVE-2017-16723 (CWE-79: Improper Neutralization of Input During Web Page Generation)
ProMinent MultiFLEX M10a Controller
CVE-2017-14013 (CWE-602: Client-Side Enforcement of Server-Side Security)
ProMinent MultiFLEX M10a Controller
CVE-2017-14007 (CWE-613: Insufficient Session Expiration)
ProMinent MultiFLEX M10a Controller
CVE-2017-14011 (CWE-352: Cross-Site Request Forgery)
ProMinent MultiFLEX M10a Controller
CVE-2017-14009 (CWE-200: Information Exposure)
ProMinent MultiFLEX M10a Controller
CVE-2017-14005 (CWE-620: Unverified Password Change)
LAVA Computer MFG Inc. Ether-Serial Link
CVE-2017-14003 (CWE-290: Authentication Bypass by Spoofing)
Siemens 7KT PAC1200 Data Manager
CVE-2017-9944 (CWE-288: Authentication Bypass Using an Alternate Path or Channel)
Ctek, Inc. SkyRouter
CVE-2017-14000 (CWE-287: Improper Authentication)
Siemens LOGO!
CVE-2017-12734 (CWE-522: Insufficiently Protected Credentials)
ABB VSN300 WiFi Logger Card
CVE-2017-7920 (CWE-287: Improper Authentication)
ABB VSN300 WiFi Logger Card
CVE-2017-7916 (CWE-264: Permissions, Privileges, and Access Controls)
Newport XPS-Cx, XPS-Qx
CVE-2017-7919 (CWE-287: Improper Authentication)
Moxa (OnCell)
CVE-2017-7915 (CWE-307: Improper Restriction of Excessive Authentication Attempts)
Moxa (OnCell)
CVE-2017-7913 (CWE-256: Plaintext Storage of a Password)
Moxa (OnCell)
CVE-2017-7917 (CWE-352: Cross-Site Request Forgery)
Detcon SiteWatch Gateway
CVE-2017-6049 (CWE-287: Improper Authentication)
Detcon SiteWatch Gateway
CVE-2017-6047 (CWE-256: Plaintext Storage of a Password)
Advantech B+B SmartWorx MESR901
CVE-2017-7909 (CWE-603: Use of Client-Side Authentication)
Siemens RUGGEDCOM ROX I
CVE-2017-2686 (CWE-285: Improper Authorization)
Siemens RUGGEDCOM ROX I
CVE-2017-2687 (CWE-79: Improper Neutralization of Input During Web Page Generation)
Siemens RUGGEDCOM ROX I
CVE-2017-2688 (CWE-352: Cross-Site Request Forgery)
Siemens RUGGEDCOM ROX I
CVE-2017-2689 (CWE-285: Improper Authorization)
Eaton xComfort Ethernet Communication Interface
CVE-2017-9368 (CWE-284: Improper Access Control)
Honeywell XL Web II Controller
CVE-2017-5139 (CWE-256: Plaintext Storage of a Password)
Honeywell XL Web II Controller
CVE-2017-5140 (CWE-522: Insufficiently Protected Credentials)
Honeywell XL Web II Controller
CVE-2017-5141 (CWE-384: Session Fixation)
Honeywell XL Web II Controller
CVE-2017-5142 (CWE-269: Improper Privilege Management)
Honeywell XL Web II Controller
CVE-2017-5143 (CWE-23: Relative Path Traversal)
Eaton ePDU
CVE-2016-9357 (CWE-22: Improper Limitation of a Pathname to a Restricted Directory)
WAGO Ethernet Web-based Management
CVE-2016-9362 (CWE-592: Authentication Bypass Issues)
Sauter NovaWeb Web HMI
CVE-2016-5782 (CWE-784: Reliance on Cookies without Validation and Integrity Checking in a Security Decision)
INTERSCHALT maritime systems VDR G4e
CVE-2016-9339 (CWE-22: Improper Limitation of a Pathname to a Restricted Directory)
Moxa (NPort)
CVE-2016-9366 (CWE-307: Improper Restriction of Excessive Authentication Attempts)
Moxa (NPort)
CVE-2016-9365 (CWE-352: Cross-Site Request Forgery)
Moxa (NPort)
CVE-2016-9348 (CWE-256: Plaintext Storage of a Password)
Lynxspring JENEsys BAS Bridge Vulnerabilities
CVE-2016-8357 (CWE-264: Permissions, Privileges, and Access Controls)
Lynxspring JENEsys BAS Bridge Vulnerabilities
CVE-2016-8361 (CWE-306: Missing Authentication for Critical Function)
Lynxspring JENEsys BAS Bridge Vulnerabilities
CVE-2016-8378 (CWE-522: Insufficiently Protected Credentials)
Lynxspring JENEsys BAS Bridge Vulnerabilities
CVE-2016-8369 (CWE-352: Cross-Site Request Forgery)
Moxa (Moxa OnCell Security Vulnerabilities)
CVE-2016-8363 (CWE-264: Permissions, Privileges, and Access Controls)
Moxa (Moxa OnCell Security Vulnerabilities)
CVE-2016-8362 (CWE-287: Improper Authentication)
Moxa (EDR-810 Industrial Secure Router)
CVE-2016-8346 (CWE-284: Improper Access Control)
American Auto-Matrix Front-End Solutions
CVE-2016-2307 (CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program)
American Auto-Matrix Front-End Solutions
CVE-2016-2308 (CWE-256: Plaintext Storage of a Password)
Trane Tracer SC
CVE-2016-0870 (CWE-668: Exposure of Resource to Wrong Sphere)
Moxa (OnCell)
CVE-2016-5819 (CWE-79: Improper Neutralization of Input During Web Page Generation)
Moxa (OnCell)
CVE-2016-5799 (CWE-307: Improper Restriction of Excessive Authentication Attempts)
Moxa (OnCell)
CVE-2016-5812 (CWE-256: Plaintext Storage of a Password)
Moxa (MGate)
CVE-2016-5804 (CWE-326: Inadequate Encryption Strength)
Moxa (Device Server Web Console)
CVE-2016-4503 (CWE-639: Authorization Bypass Through User-Controlled Key)
Rexroth Bosch BLADEcontrol-WebVIS
CVE-2016-4507 (CWE-564: SQL Injection)
Rexroth Bosch BLADEcontrol-WebVIS
CVE-2016-4508 (CWE-79: Cross-Site Scripting)
KMC Controls Conquest BACnet Router
CVE-2016-4494 (CWE-352: Cross-Site Request Forgery)
KMC Controls Conquest BACnet Router
CVE-2016-4495 (CWE-306: Missing Authentication for Critical Function)
Environmental Systems Corporation Data Controller
CVE-2016-4501 (CWE-287: Improper Authentication)
Environmental Systems Corporation Data Controller
CVE-2016-4502 (CWE-264: Permissions, Privileges, and Access Controls)
Resource Data Management Intuitive 650 TDB Controller
CVE-2016-4505 (CWE-269: Improper Privilege Escalation)
Resource Data Management Intuitive 650 TDB Controller
CVE-2016-4506 (CWE-352: Cross-Site Request Forgery)
Moxa (EDR-G903 Secure Router)
CVE-2016-0875 (CWE-284: Improper Access Control)
Moxa (EDR-G903 Secure Router)
CVE-2016-0876 (CWE-256: Plaintext Storage of a Password)
Moxa (EDR-G903 Secure Router)
CVE-2016-0877 (CWE-401: Improper Release of Memory Before Removing Last Reference)
Moxa (EDR-G903 Secure Router)
CVE-2016-0878 (CWE-400: Uncontrolled Resource Consumption)
Moxa (EDR-G903 Secure Router)
CVE-2016-0879 (CWE-264: Permissions, Privileges, and Access Controls)
Accuenergy Acuvim II Series
CVE-2016-2293 (CWE-592: Authentication Bypass Issues)
Accuenergy Acuvim II Series
CVE-2016-2294 (CWE-256: Plaintext Storage of a Password)
Sierra Wireless ACEmanager
CVE-2016-6479 (CWE-538: File and Directory Information Exposure)
Eaton Lighting Systems EG2 Web Control
CVE-2016-2272 (CWE-565: Reliance on Cookies without Validation and Integrity Checking)
Eaton Lighting Systems EG2 Web Control
CVE-2016-0871 (CWE-312: Cleartext Storage of Sensitive Information)
ICONICS WebHMI
CVE-2016-2289 (CWE-22: Improper Limitation of a Pathname to a Restricted Directory)
B+B SmartWorx VESP211
CVE-2016-2275 (CWE-603: Use of Client-Side Authentication)
Tollgrade SmartGrid Sensor Management System Software
CVE-2016-0863 (CWE-352: Cross-Site Request Forgery)
Tollgrade SmartGrid Sensor Management System Software
CVE-2016-0864 (CWE-200: Information Exposure)
Tollgrade SmartGrid Sensor Management System Software
CVE-2016-0865 (CWE-522: Insufficiently Protected Credentials)
Tollgrade SmartGrid Sensor Management System Software
CVE-2016-0866 (CWE-79: Improper Neutralization of Input During Web Page Generation)
CAREL PlantVisor Enhanced
CVE-2015-0867 (CWE-20: Improper Input Validation)
LOYTEC Router
CVE-2015-7906 (CWE-200: Information Exposure)
Honeywell Midas Gas Detector
CVE-2015-7907 (CWE-22: Improper Limitation of a Pathname to a Restricted Directory)
Honeywell Midas Gas Detector
CVE-2015-7908 (CWE-319: Cleartext Transmission of Sensitive Information)
Exemys Web Server (Telemetry Web Server)
CVE-2015-7910 (CWE-592: Authentication Bypass Issues)
EasyIO-30P-SF
CVE-2015-3974 (CWE-259: Use of Hard-coded Password)
Resource Data Management (Resource Data Management’s Data Manager application)
CVE-2015-6470 (CWE-269: Improper Privilege Management)
Resource Data Management (Resource Data Management’s Data Manager application)
CVE-2015-6468 (CWE-352: Cross-Site Request Forgery)
IBC Solar ServeMaster
CVE-2015-6469 (CWE-200: Information Exposure)
IBC Solar ServeMaster
CVE-2015-6474 (CWE-256: Plaintext Storage of a Password)
IBC Solar ServeMaster
CVE-2015-6475 (CWE-79: Improper Neutralization of Input During Web Page Generation)
Sinapsi eSolar Light
CVE-2015-3949 (CWE-256: Plain Text Storage of a Password)
RLE Nova-Wind Turbine HMI
CVE-2015-3951 (CWE-256: Plaintext Storage of a Password)
XZERES 442SR Wind Turbine
CVE-2015-0985 (CWE-352: Cross-Site Request Forgery)
XZERES 442SR Wind Turbine
CVE-2015-3950 (CWE-352: Cross-Site Request Forgery)


Public CERT Advisories

Chiyu Technology (fingerprint access control device)
CVE-2015-2870 (CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page)
Chiyu Technology (fingerprint access control device)
CVE-2015-2871 (CWE-288: Authentication Bypass Using an Alternate Path or Channel)
Honeywell (Tuxedo Touch Controller)
CVE-2015-2847 (CWE-603: Use of Client-Side Authentication)
Honeywell (Tuxedo Touch Controller)
CVE-2015-2848 (CWE-352: Cross-Site Request Forgery)
Cryptocat
CVE-2013-4104
Cryptocat
CVE-2013-2260
Cryptocat
CVE-2013-4107
Cryptocat
CVE-2013-4105
PhpMyAdmin
CVE-2013-3742 (CWE-79: Cross-Site Scripting)
Piwik
CVE-2012-4541 (CWE-79: Cross-Site Scripting)
PhpMyAdmin
CVE-2012-5339 (CWE-79: Cross-Site Scripting)
PhpMyAdmin
CVE-2011-4634 (CWE-79: Cross-Site Scripting)