Moxa Sds-3008 Series Industrial Ethernet Switch vulnerabilities

6 known vulnerabilities affecting moxa/sds-3008_series_industrial_ethernet_switch.

Total CVEs

6

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

HIGH2MEDIUM4

Vulnerabilities

Page 1 of 1

CVE-2022-40693HIGHCVSS 7.5v2.12023-02-07

CVE-2022-40693 [HIGH] CWE-319 CVE-2022-40693: A cleartext transmission vulnerability exists in the web application functionality of Moxa SDS-3008 A cleartext transmission vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted network sniffing can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability.

CVE-2022-40224HIGHCVSS 7.5v2.12023-02-07

CVE-2022-40224 [HIGH] CWE-410 CVE-2022-40224: A denial of service vulnerability exists in the web server functionality of Moxa SDS-3008 Series Ind A denial of service vulnerability exists in the web server functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP message header can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.

CVE-2022-40691MEDIUMCVSS 5.3v2.12023-02-07

CVE-2022-40691 [MEDIUM] CWE-200 CVE-2022-40691: An information disclosure vulnerability exists in the web application functionality of Moxa SDS-3008 An information disclosure vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability.

CVE-2022-41311MEDIUMCVSS 5.4v2.12023-02-07

CVE-2022-41311 [MEDIUM] CWE-79 CVE-2022-41311: A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS- A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id="webLocationMessage_text" name="webLocationMessage

CVE-2022-41313MEDIUMCVSS 5.4v2.12023-02-07

CVE-2022-41313 [MEDIUM] CWE-79 CVE-2022-41313: A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS- A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id="switch_contact"

CVE-2022-41312MEDIUMCVSS 5.4v2.12023-02-07

CVE-2022-41312 [MEDIUM] CWE-79 CVE-2022-41312: A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS- A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id="Switch Description", name "switch_description"