Unauthorized Access to Resource Due to Inadequate Restriction
CVE-2024-4739

7.5HIGH

Key Information:

Vendor: Moxa
Status: Mxsecurity Series
Vendor: CVE Published:; 18 October 2024

Summary

The MXsecurity software, developed by Moxa, is affected by a vulnerability that arises from inadequate access restrictions to sensitive resources. Versions v1.1.0 and older are susceptible, allowing an attacker with a valid authenticator to impersonate an authorized user. This flaw signifies potential risks to data integrity and confidentiality, as unauthorized individuals could exploit this weakness to gain access to restricted resources, leading to possible data breaches. Immediate attention to software updates and security advisories is essential to mitigate these vulnerabilities.

Affected Version(s)

MXsecurity Series 1.0 <= 1.1.0

References

https://www.moxa.com/en/support/product-support/security-...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 18, 2024
Vulnerability Reserved
May 10, 2024

Credit

Sean Cai

Chris Huang