Command Injection Vulnerability in Moxa OnCell and AWK Series Devices
CVE-2016-8363

10CRITICAL

Key Information:

Vendor: Moxa
Status: Moxa Oncell
Vendor: CVE Published:; 13 February 2017

Summary

A command injection vulnerability has been identified in Moxa's OnCell and AWK Series devices, allowing an attacker to execute arbitrary operating system commands on the affected devices. This issue presents significant security risks, potentially enabling unauthorized access and control over critical systems. It is essential for users and organizations leveraging these devices to implement immediate security measures and stay updated with vendor advisories to mitigate potential exploitation.

Affected Version(s)

Moxa OnCell Moxa OnCell

References

https://ics-cert.us-cert.gov/advisories/ICSA-16-308-01

x_refsource_MISC

http://www.securityfocus.com/bid/94092

vdb-entryx_refsource_BID

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 13, 2017
Vulnerability Reserved
Sep 28, 2016