History: Dec 23, 2023 - 9:15 a.m.

CVE-2023-5961

2023-12-23 09:15:07
CWE-352
Moxa
web.nvd.nist.gov
cve-2023-5961
cross-site request forgery
csrf
iologik e1200
firmware
security vulnerability

CVSS3: 8.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 8.6
Confidence: High

EPSS: 0.001
Percentile: 24.1%

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an authentic request. This vulnerability may allow an attacker to perform operations on behalf of the victimized user.

Affected configurations

Nvd

Node: moxa iologik_e1210 (Match: -) AND moxa iologik_e1210_firmware (Range: <3.3)
Node: moxa iologik_e1211 (Match: -) AND moxa iologik_e1211_firmware (Range: <3.3)
Node: moxa iologik_e1212 (Match: -) AND moxa iologik_e1212_firmware (Range: <3.3)
Node: moxa iologik_e1213 (Match: -) AND moxa iologik_e1213_firmware (Range: <3.3)
Node: moxa iologik_e1214 (Match: -) AND moxa iologik_e1214_firmware (Range: <3.3)
Node: moxa iologik_e1240 (Match: -) AND moxa iologik_e1240_firmware (Range: <3.3)
Node: moxa iologik_e1241 (Match: -) AND moxa iologik_e1241_firmware (Range: <3.3)
Node: moxa iologik_e1242_firmware (Range: <3.3) AND moxa iologik_e1242 (Match: -)
Node: moxa iologik_e1260_firmware (Range: <3.3) AND moxa iologik_e1260 (Match: -)
Node: moxa iologik_e1262_firmware (Range: <3.3) AND moxa iologik_e1262 (Match: -)

Vendor  Product                  Version  CPE
moxa    iologik_e1210            -        cpe:2.3:h:moxa:iologik_e1210:-:*:*:*:*:*:*:*
moxa    iologik_e1210_firmware   *        cpe:2.3:o:moxa:iologik_e1210_firmware:*:*:*:*:*:*:*:*
moxa    iologik_e1211            -        cpe:2.3:h:moxa:iologik_e1211:-:*:*:*:*:*:*:*
moxa    iologik_e1211_firmware   *        cpe:2.3:o:moxa:iologik_e1211_firmware:*:*:*:*:*:*:*:*
moxa    iologik_e1212            -        cpe:2.3:h:moxa:iologik_e1212:-:*:*:*:*:*:*:*
moxa    iologik_e1212_firmware   *        cpe:2.3:o:moxa:iologik_e1212_firmware:*:*:*:*:*:*:*:*
moxa    iologik_e1213            -        cpe:2.3:h:moxa:iologik_e1213:-:*:*:*:*:*:*:*
moxa    iologik_e1213_firmware   *        cpe:2.3:o:moxa:iologik_e1213_firmware:*:*:*:*:*:*:*:*
moxa    iologik_e1214            -        cpe:2.3:h:moxa:iologik_e1214:-:*:*:*:*:*:*:*
moxa    iologik_e1214_firmware   *        cpe:2.3:o:moxa:iologik_e1214_firmware:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ioLogik E1200 Series",
    "vendor": "Moxa",
    "versions": [
      {
        "lessThanOrEqual": "3.3",
        "status": "affected",
        "version": "1.0",
        "versionType": "custom"
      }
    ]
  }
]
