MXsecurity Authenticated Information Disclosure Due to SQL Injection
CVE-2023-39980

7.1HIGH

Key Information:

Vendor: Moxa
Status: Mxsecurity Series
Vendor: CVE Published:; 2 September 2023

Summary

A flaw has been identified in MXsecurity versions prior to v1.0.1, which enables unauthorized disclosure of authenticated information. This vulnerability results from improper neutralization of special elements, which allows remote attackers to manipulate SQL commands. Organizations using affected versions are advised to update to the latest version to mitigate potential security risks.

Affected Version(s)

MXsecurity Series 1.0 <= 1.0.1

References

https://www.moxa.com/en/support/product-support/security-...

vendor-advisory

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 2, 2023
Vulnerability Reserved
Aug 8, 2023