PatchSiren

Moxa CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Moxa CVE published 2026-06-16

CVE-2026-10831

A denial-of-service vulnerability exists in NPort devices because of improper access control on the command port. The command interface does not properly validate whether a sender is associated with a valid data port session before accepting break signal commands. A remote attacker with network access can send crafted requests to disrupt serial communication for an active user session.

HIGH Moxa CVE published 2026-06-16

CVE-2026-10829

A stack-based buffer overflow vulnerability has been found in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and earlier. This vulnerability stems from insufficient validation of user-supplied input in the 'Server location' parameter on the Basic settings page. An attacker could exploit this vulnerability by sending crafted input to the web service, resulting in memory corruption. Successful explo [truncated]

MEDIUM Moxa CVE published 2026-06-16

CVE-2026-10828

A format string vulnerability has been found in the 'alias' parameter of the Serial Param configuration page in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and prior. This vulnerability stems from insufficient input validation and improper handling of externally supplied format strings. An attacker could exploit this vulnerability by sending crafted input to the web service, causing unintended memory [truncated]

HIGH Moxa CVE published 2026-06-16

CVE-2026-10825

A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated attacker can send a specially crafted request that causes service disruption and may result in an unexpected device reboot.

HIGH Moxa CVE published 2026-06-12

CVE-2026-9266

CVE-2026-9266 is a high-severity vulnerability in Moxa's embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remediation of CVE-2026-0714. The firmware introduced TPM2 parameter encryption as a countermeasure against CVE-2026-0714. However, an omission in the authorization session configuration causes the parameter encryption to provide no effectiv [truncated]

MEDIUM Moxa CVE published 2024-09-24

CVE-2024-6787

A Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability exists in Moxa MXview One Series and MXview One Central Manager Series. The flaw allows an attacker to exploit the window between file validation and file execution to write arbitrary files to the system, potentially enabling malicious code execution and file loss. The vulnerability carries a CVSS 3.1 score of 5.3 (Medium severity) with [truncated]

MEDIUM Moxa CVE published 2024-09-24

CVE-2024-6786

CVE-2024-6786 is a path traversal vulnerability in Moxa MXview One Series network management software, published by CISA on September 24, 2024. The flaw allows authenticated attackers to craft malicious MQTT messages containing relative path traversal sequences (e.g., ../) to read arbitrary files from the underlying system. Successful exploitation exposes sensitive data including configuration files and J [truncated]

MEDIUM Moxa CVE published 2024-09-24

CVE-2024-6785

Moxa MXview One Series and MXview One Central Manager Series store credentials in cleartext within configuration files. An attacker with local access can read or modify these files, exposing sensitive information that could enable service abuse. The vulnerability requires local access and low privileges, with no user interaction needed. CISA published advisory ICSA-24-268-05 on September 24, 2024, documen [truncated]

HIGH Moxa CVE published 2017-02-13

CVE-2016-8379

CVE-2016-8379 affects multiple Moxa ioLogik E1200- and E2200-series firmware branches where users are restricted to using short passwords. The available record marks the issue as HIGH severity (CVSS 8.1) and network reachable, with no privileges or user interaction required, but with higher attack complexity. For OT and industrial environments, the main risk is that weak credential policy can materially r [truncated]

HIGH Moxa CVE published 2017-02-13

CVE-2016-8372

CVE-2016-8372 affects multiple Moxa ioLogik E1200- and E2200-series devices running listed firmware versions. NVD describes the issue as a password being transmitted in a format that is not sufficiently secure. Because the affected components are industrial I/O devices and the CVSS vector is network-based with no privileges or user interaction required, defenders should treat this as a high-priority crede [truncated]

MEDIUM Moxa CVE published 2017-02-13

CVE-2016-8359

CVE-2016-8359 is a cross-site scripting (XSS) vulnerability in the web application used by multiple Moxa ioLogik devices. According to the NVD record, the issue stems from failure to sanitize user input and can allow an attacker to inject script content, with CVSS 3.1 rated 6.1 (network-based, low attack complexity, no privileges required, user interaction required, and scope changed). The affected produc [truncated]

MEDIUM Moxa CVE published 2017-02-13

CVE-2016-8350

CVE-2016-8350 describes a cross-site request forgery (CSRF) weakness in the Moxa ioLogik web application. In affected firmware, the interface may not sufficiently verify that a request came from a valid user, which can allow unauthorized state-changing actions through a forged browser request. The issue affects multiple ioLogik E1200-series and E2200-series models at the firmware versions listed by the CVE.

HIGH Moxa CVE published 2016-09-16

CVE-2016-9356

CVE-2016-9356 affects Moxa DACenter version 1.4 and older and is described as an unquoted search path issue. NVD rates the issue 7.8 HIGH, with local attack requirements and high impacts to confidentiality, integrity, and availability. Systems running affected DACenter releases should be reviewed promptly, especially where local user access is possible.

MEDIUM Moxa CVE published 2016-09-16

CVE-2016-9354

CVE-2016-9354 is a medium-severity availability issue in Moxa DACenter 1.4 and older. According to the supplied NVD record, a specially crafted project file can trigger uncontrolled resource consumption, leading to an application crash. The record maps the issue to CWE-399 and rates it as local, user-interaction required, with no confidentiality or integrity impact identified.

MEDIUM Moxa CVE published 2016-09-11

CVE-2016-9346

CVE-2016-9346 is an information-disclosure issue in Moxa MiiNePort firmware. According to NVD, affected devices are MiiNePort E1 firmware prior to 1.8, E2 prior to 1.4, and E3 prior to 1.1, where configuration data are stored in a file without encryption. The published CVSS v3.0 score is 5.3 (Medium), reflecting a confidentiality impact only.

MEDIUM Moxa CVE published 2016-09-11

CVE-2016-9344

CVE-2016-9344 is a high-severity vulnerability in Moxa MiiNePort E1, E2, and E3 firmware that can let an attacker brute-force an active session cookie and use it to download configuration files. The NVD record maps affected firmware as E1 prior to 1.8, E2 prior to 1.4, and E3 prior to 1.1. Because the issue exposes configuration data and requires no privileges or user interaction, it should be treated as [truncated]

MEDIUM Moxa CVE published 2016-09-04

CVE-2016-9371

CVE-2016-9371 is a cross-site scripting (XSS) issue in several Moxa NPort product families. According to the NVD record, user-controlled input was not neutralized before being output to a web page. The CVE was published on 2017-02-13 and later modified on 2026-05-13 in the NVD source record. The issue affects multiple NPort series with series-specific fixed firmware thresholds, and it is rated CVSS 6.1/Medium.

CRITICAL Moxa CVE published 2016-09-04

CVE-2016-9369

CVE-2016-9369 describes a critical flaw in multiple Moxa NPort device families where firmware can be updated over the network without authentication, creating a path that may allow remote code execution. The NVD record rates the issue 9.8/CRITICAL and maps it to CWE-287. For defenders, the key concern is any reachable management or firmware-update interface on affected NPort deployments.

HIGH Moxa CVE published 2016-09-04

CVE-2016-9367

CVE-2016-9367 is a high-severity availability issue in multiple Moxa NPort firmware families. NVD describes a condition where a malicious actor can request unrestricted resources, leading to resource exhaustion and denial of service. The supplied NVD data rates the issue CVSS v3.0 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

CRITICAL Moxa CVE published 2016-09-04

CVE-2016-9366

CVE-2016-9366 is a critical authentication-bypass issue in multiple Moxa NPort firmware lines. The vulnerability allows a network attacker to use brute force to determine parameters needed to bypass authentication, and NVD rates the impact as CVSS 9.8 with high confidentiality, integrity, and availability impact.

HIGH Moxa CVE published 2016-09-04

CVE-2016-9365

CVE-2016-9365 is a high-severity cross-site request forgery issue in multiple Moxa NPort firmware families. An attacker could induce an authenticated user to submit unintended requests to the device management interface, with potential impact on confidentiality, integrity, and availability.

HIGH Moxa CVE published 2016-09-04

CVE-2016-9363

CVE-2016-9363 is a network-reachable buffer overflow in multiple Moxa NPort firmware lines. The CVE description states that an unauthenticated attacker may be able to remotely execute arbitrary code. Because the attack vector is network-based and requires no privileges or user interaction, exposed devices should be treated as high priority for patching and exposure reduction.

CRITICAL Moxa CVE published 2016-09-04

CVE-2016-9361

CVE-2016-9361 is a critical Moxa NPort firmware authentication flaw that allows remote attackers to retry administration passwords without first authenticating. Because these devices are commonly used as network-facing serial device servers in industrial environments, the issue can lead to unauthorized administrative access across multiple product families and firmware releases.

LOW Moxa CVE published 2016-09-04

CVE-2016-9348

CVE-2016-9348 is a plaintext credential exposure issue in multiple Moxa NPort serial device server firmware families. According to NVD, configuration files can contain password parameters in clear text, making local access to those files a confidentiality risk. Even with a low CVSS score, exposed configuration backups or device files should be treated as sensitive secrets and remediated promptly on affected firmware.

CRITICAL Moxa CVE published 2016-08-21

CVE-2016-9333

CVE-2016-9333 is a critical SQL injection vulnerability in Moxa SoftCMS versions prior to 1.6. According to the NVD record, the issue can allow a remote attacker to access SoftCMS with administrator privileges through specially crafted input. The NVD assigns CVSS 3.0 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating network-reachable, no-authentication exploitation with severe confidentiality, integri [truncated]

HIGH Moxa CVE published 2016-08-21

CVE-2016-9332

CVE-2016-9332 is a high-severity denial-of-service issue in Moxa SoftCMS versions prior to 1.6. The NVD record states that the SoftCMS Webserver does not properly validate input, and that unexpected values may crash the program or trigger excessive resource consumption. Because the issue is network-reachable and requires no privileges or user interaction, exposed deployments should be treated as a meaning [truncated]

HIGH Moxa CVE published 2016-08-21

CVE-2016-8360

CVE-2016-8360 describes a double free condition in Moxa SoftCMS ASP Webserver that can be triggered by a specially crafted URL request. According to the CVE record, affected versions are SoftCMS prior to 1.6, and the impact may include denial of service or arbitrary code execution. The NVD record maps the weakness to CWE-415 and rates the issue HIGH with a network attack vector and no privileges or user i [truncated]

CRITICAL Moxa CVE published 2016-08-07

CVE-2016-8363

CVE-2016-8363 is a critical Moxa firmware vulnerability affecting multiple OnCell, AWK, WAC, and TAP product families. NVD rates it CVSS 3.0 10.0 with a network attack vector, no privileges required, no user interaction, and changed scope. The disclosed impact is arbitrary OS command execution on the server/device, which can lead to full compromise of confidentiality, integrity, and availability.

MEDIUM Moxa CVE published 2016-08-07

CVE-2016-8362

CVE-2016-8362 is an access-control weakness in multiple Moxa wireless/industrial networking product firmware families. According to the vulnerability description, a user could download log files by accessing a specific URL. NVD assigns the issue CVSS 3.0 6.5 (Medium) and maps it to CWE-287, indicating an authentication/authorization failure that can expose sensitive information.

HIGH Moxa CVE published 2016-07-24

CVE-2016-8346

CVE-2016-8346 is a high-severity vulnerability in Moxa EDR-810 Industrial Secure Router firmware that can allow unauthorized access to configuration and log files through a specific web server URL. NVD assigns CVSS 3.0 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating a network-reachable confidentiality impact with no required privileges or user interaction. The CVE was published on 2017-02-13 and NVD [truncated]