CVE-2023-6094

OnCell G3150A-LTE Series: Web Server Transmits Cleartext Credentials

Description

A vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. The vulnerability results from lack of protection for sensitive information during transmission. An attacker eavesdropping on the traffic between the web browser and server may obtain sensitive information. This type of attack could be executed to gather sensitive information or to facilitate a subsequent attack against the target.

Remediation

Workaround:

  • Since Oncell G3150A-LTE has been phased out, we don’t have any plans to address CVE 2023-6093 and CVE-2023-6094. We recommend that users follow the mitigation measures below to deploy the product in an appropriate product security context. Moxa recommends users to implement the following mitigations if necessary: * Reduce network exposure by ensuring that all control system devices and systems are not accessible from the Internet. * Place control system networks and remote devices behind firewalls, isolating them from business networks. * When remote access is necessary, employ secure methods such as Virtual Private Networks (VPNs). It is important to note that VPNs may have vulnerabilities and should be kept up to date with the latest available version. Remember that the security of a VPN depends on the security of its connected devices.

Category

5.3
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.09%
Vendor Advisory moxa.com
Affected: Moxa OnCell G3150A-LTE Series
Published at:
Updated at:

References

Link Tags
https://www.moxa.com/en/support/product-support/security-advisory/oncell-g3150a-lte-series-multiple-web-application-vulnerabilities-and-security-enhancement vendor advisory

Frequently Asked Questions

What is the severity of CVE-2023-6094?
CVE-2023-6094 has been scored as a medium severity vulnerability.
How to fix CVE-2023-6094?
As a workaround for remediating CVE-2023-6094: Since Oncell G3150A-LTE has been phased out, we don’t have any plans to address CVE 2023-6093 and CVE-2023-6094. We recommend that users follow the mitigation measures below to deploy the product in an appropriate product security context. Moxa recommends users to implement the following mitigations if necessary: * Reduce network exposure by ensuring that all control system devices and systems are not accessible from the Internet. * Place control system networks and remote devices behind firewalls, isolating them from business networks. * When remote access is necessary, employ secure methods such as Virtual Private Networks (VPNs). It is important to note that VPNs may have vulnerabilities and should be kept up to date with the latest available version. Remember that the security of a VPN depends on the security of its connected devices.
Is CVE-2023-6094 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2023-6094 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-6094?
CVE-2023-6094 affects Moxa OnCell G3150A-LTE Series.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.