Lucene search

MoxaCVELIST:CVE-2023-5961

HistoryDec 23, 2023 - 9:01 a.m.

CVE-2023-5961 ioLogik E1200 Series: Cross-Site Request Forgery (CSRF) Vulnerability

2023-12-2309:01:02

CWE-352

Moxa

www.cve.org

cross-site request forgery

iologik e1200 series

csrf

vulnerability

firmware

exploit

web server

operations

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

24.1%

JSON

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an authentic request. This vulnerability may lead an attacker to perform operations on behalf of the victimized user.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ioLogik E1200 Series",
    "vendor": "Moxa",
    "versions": [
      {
        "lessThanOrEqual": "3.3",
        "status": "affected",
        "version": "1.0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.moxa.com/en/support/product-support/security-advisory/mpsa-235250-iologik-e1200-series-web-server-vulnerability

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

24.1%

JSON

Related for CVELIST:CVE-2023-5961