CVE-2024-4739 - Vulnerability Details - OpenCVE

The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. By acquiring a valid authenticator, an attacker can pose as an authorized user and successfully access the resource.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Moxa	Mxsecurity

Configuration 1 [-]

cpe:2.3:a:moxa:mxsecurity:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-231878-mxsecurity-series-multiple-vulnerabilities

History

Mon, 14 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00119}`	epss `{'score': 0.00133}`

Tue, 22 Oct 2024 14:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-Other

Fri, 18 Oct 2024 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Moxa Moxa mxsecurity
CPEs		cpe:2.3:a:moxa:mxsecurity::::::::
Vendors & Products		Moxa Moxa mxsecurity
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 18 Oct 2024 08:30:00 +0000

Type	Values Removed	Values Added
Description		The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. By acquiring a valid authenticator, an attacker can pose as an authorized user and successfully access the resource.
Title		MXsecurity License Generation Function Disclosure
Weaknesses		CWE-749
References		https://www.moxa.com/en/support/product-support/security-advisory/mpsa-231878-mxsecurity-series-multiple-vulnerabilities
Metrics		cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: Moxa

Published: 2024-10-18T08:11:04.908Z

Updated: 2024-10-18T14:40:34.104Z

Reserved: 2024-05-10T09:05:34.287Z

Link: CVE-2024-4739

Vulnrichment

Updated: 2024-10-18T14:40:27.471Z

NVD

Status : Analyzed

Published: 2024-10-18T09:15:03.710

Modified: 2024-10-22T14:07:02.023

Link: CVE-2024-4739

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-4739", "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "state": "PUBLISHED", "assignerShortName": "Moxa", "dateReserved": "2024-05-10T09:05:34.287Z", "datePublished": "2024-10-18T08:11:04.908Z", "dateUpdated": "2024-10-18T14:40:34.104Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "MXsecurity Series", "vendor": "Moxa", "versions": [{"lessThanOrEqual": "1.1.0", "status": "affected", "version": "1.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Sean Cai"}, {"lang": "en", "type": "finder", "value": "Chris Huang"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. By acquiring a valid authenticator, an attacker can pose as an authorized user and successfully access the resource."}], "value": "The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. By acquiring a valid authenticator, an attacker can pose as an authorized user and successfully access the resource."}], "impacts": [{"capecId": "CAPEC-36", "descriptions": [{"lang": "en", "value": "CAPEC-36: Using Unpublished Interfaces or Functionality"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-749", "description": "CWE-749: Exposed Dangerous Method or Function", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "shortName": "Moxa", "dateUpdated": "2024-10-18T08:11:04.908Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-231878-mxsecurity-series-multiple-vulnerabilities"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Moxa has developed an appropriate solution to address the vulnerability. The solution for the affected product is shown below.</p><ul><li><p>MXsecurity: Please Upgrade to the firmware version 2.2.0 or higher via the <a target=\"_blank\" rel=\"nofollow\" href=\"https://netsecuritylicense.moxa.com/Account/Login\">Moxa Software Licensing Portal</a></p></li></ul>"}], "value": "Moxa has developed an appropriate solution to address the vulnerability. The solution for the affected product is shown below.\n\n * MXsecurity: Please Upgrade to the firmware version 2.2.0 or higher via the Moxa Software Licensing Portal https://netsecuritylicense.moxa.com/Account/Login"}], "source": {"discovery": "EXTERNAL"}, "title": "MXsecurity License Generation Function Disclosure", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div><ul><li><p>Minimize network exposure to ensure the device is not accessible from the Internet. </p></li></ul></div><div><ul><li><p>When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). </p></li></ul></div><div><ul><li><p>The starting point of all the above vulnerabilities is from the web service, so it is suggested to disable web service temporarily if you completed configuration to prevent further damages from these vulnerabilities until installed patch or updated firmware.\u202f </p></li></ul></div>"}], "value": "* Minimize network exposure to ensure the device is not accessible from the Internet. \n\n\n\n\n\n\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). \n\n\n\n\n\n\n * The starting point of all the above vulnerabilities is from the web service, so it is suggested to disable web service temporarily if you completed configuration to prevent further damages from these vulnerabilities until installed patch or updated firmware."}], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "moxa", "product": "mxsecurity", "cpes": ["cpe:2.3:a:moxa:mxsecurity:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "1.0", "status": "affected", "lessThanOrEqual": "1.1.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-18T14:39:37.302578Z", "id": "CVE-2024-4739", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-18T14:40:34.104Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-4739", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-18T14:39:37.302578Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:moxa:mxsecurity:*:*:*:*:*:*:*:*"], "vendor": "moxa", "product": "mxsecurity", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom", "lessThanOrEqual": "1.1.0"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-18T14:40:27.471Z"}}], "cna": {"title": "MXsecurity License Generation Function Disclosure", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Sean Cai"}, {"lang": "en", "type": "finder", "value": "Chris Huang"}], "impacts": [{"capecId": "CAPEC-36", "descriptions": [{"lang": "en", "value": "CAPEC-36: Using Unpublished Interfaces or Functionality"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Moxa", "product": "MXsecurity Series", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom", "lessThanOrEqual": "1.1.0"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Moxa has developed an appropriate solution to address the vulnerability. The solution for the affected product is shown below.\n\n * MXsecurity: Please Upgrade to the firmware version 2.2.0 or higher via the Moxa Software Licensing Portal https://netsecuritylicense.moxa.com/Account/Login", "supportingMedia": [{"type": "text/html", "value": "<p>Moxa has developed an appropriate solution to address the vulnerability. The solution for the affected product is shown below.</p><ul><li><p>MXsecurity: Please Upgrade to the firmware version 2.2.0 or higher via the <a target=\"_blank\" rel=\"nofollow\" href=\"https://netsecuritylicense.moxa.com/Account/Login\">Moxa Software Licensing Portal</a></p></li></ul>", "base64": false}]}], "references": [{"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-231878-mxsecurity-series-multiple-vulnerabilities", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "* Minimize network exposure to ensure the device is not accessible from the Internet. \n\n\n\n\n\n\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). \n\n\n\n\n\n\n * The starting point of all the above vulnerabilities is from the web service, so it is suggested to disable web service temporarily if you completed configuration to prevent further damages from these vulnerabilities until installed patch or updated firmware.", "supportingMedia": [{"type": "text/html", "value": "<div><ul><li><p>Minimize network exposure to ensure the device is not accessible from the Internet. </p></li></ul></div><div><ul><li><p>When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). </p></li></ul></div><div><ul><li><p>The starting point of all the above vulnerabilities is from the web service, so it is suggested to disable web service temporarily if you completed configuration to prevent further damages from these vulnerabilities until installed patch or updated firmware.\u202f </p></li></ul></div>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. By acquiring a valid authenticator, an attacker can pose as an authorized user and successfully access the resource.", "supportingMedia": [{"type": "text/html", "value": "The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. By acquiring a valid authenticator, an attacker can pose as an authorized user and successfully access the resource.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-749", "description": "CWE-749: Exposed Dangerous Method or Function"}]}], "providerMetadata": {"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "shortName": "Moxa", "dateUpdated": "2024-10-18T08:11:04.908Z"}}}, "cveMetadata": {"cveId": "CVE-2024-4739", "state": "PUBLISHED", "dateUpdated": "2024-10-18T14:40:34.104Z", "dateReserved": "2024-05-10T09:05:34.287Z", "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "datePublished": "2024-10-18T08:11:04.908Z", "assignerShortName": "Moxa"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moxa:mxsecurity:*:*:*:*:*:*:*:*", "matchCriteriaId": "B684EB4B-A888-4494-BAC5-09DD44216846", "versionEndIncluding": "1.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. By acquiring a valid authenticator, an attacker can pose as an authorized user and successfully access the resource."}, {"lang": "es", "value": "La falta de restricci\u00f3n de acceso a un recurso por parte de usuarios no autorizados hace que las versiones v1.1.0 y anteriores del software MXsecurity sean vulnerables. Al obtener un autenticador v\u00e1lido, un atacante puede hacerse pasar por un usuario autorizado y acceder al recurso con \u00e9xito."}], "id": "CVE-2024-4739", "lastModified": "2024-10-22T14:07:02.023", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "psirt@moxa.com", "type": "Secondary"}]}, "published": "2024-10-18T09:15:03.710", "references": [{"source": "psirt@moxa.com", "tags": ["Vendor Advisory"], "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-231878-mxsecurity-series-multiple-vulnerabilities"}], "sourceIdentifier": "psirt@moxa.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-749"}], "source": "psirt@moxa.com", "type": "Secondary"}]}