A Cross-Site Request Forgery (CSRF) vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an authentic request. This vulnerability may lead an attacker to perform operations on behalf of the victimized user.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
History
28 Dec 2023, 15:26
Type | Values Removed | Values Added |
---|---|---|
First Time |
Moxa iologik E1211
Moxa iologik E1213 Moxa iologik E1260 Firmware Moxa iologik E1240 Moxa iologik E1241 Firmware Moxa iologik E1262 Firmware Moxa iologik E1242 Firmware Moxa iologik E1212 Moxa iologik E1214 Firmware Moxa iologik E1211 Firmware Moxa iologik E1210 Moxa iologik E1260 Moxa iologik E1242 Moxa iologik E1210 Firmware Moxa iologik E1212 Firmware Moxa iologik E1213 Firmware Moxa iologik E1214 Moxa iologik E1262 Moxa Moxa iologik E1241 Moxa iologik E1240 Firmware |
|
CPE | cpe:2.3:o:moxa:iologik_e1242_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:moxa:iologik_e1241:-:*:*:*:*:*:*:* cpe:2.3:h:moxa:iologik_e1242:-:*:*:*:*:*:*:* cpe:2.3:h:moxa:iologik_e1262:-:*:*:*:*:*:*:* cpe:2.3:o:moxa:iologik_e1211_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:moxa:iologik_e1241_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:moxa:iologik_e1212:-:*:*:*:*:*:*:* cpe:2.3:h:moxa:iologik_e1214:-:*:*:*:*:*:*:* cpe:2.3:h:moxa:iologik_e1210:-:*:*:*:*:*:*:* cpe:2.3:o:moxa:iologik_e1240_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:moxa:iologik_e1210_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:moxa:iologik_e1260:-:*:*:*:*:*:*:* cpe:2.3:h:moxa:iologik_e1213:-:*:*:*:*:*:*:* cpe:2.3:o:moxa:iologik_e1213_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:moxa:iologik_e1212_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:moxa:iologik_e1211:-:*:*:*:*:*:*:* cpe:2.3:o:moxa:iologik_e1260_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:moxa:iologik_e1240:-:*:*:*:*:*:*:* cpe:2.3:o:moxa:iologik_e1262_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:moxa:iologik_e1214_firmware:*:*:*:*:*:*:*:* |
|
CWE | CWE-352 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
References | () https://www.moxa.com/en/support/product-support/security-advisory/mpsa-235250-iologik-e1200-series-web-server-vulnerability - Vendor Advisory |
23 Dec 2023, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-23 09:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-5961
Mitre link : CVE-2023-5961
CVE.ORG link : CVE-2023-5961
JSON object : View
Products Affected
moxa
- iologik_e1262
- iologik_e1242_firmware
- iologik_e1213
- iologik_e1212
- iologik_e1260
- iologik_e1214
- iologik_e1210
- iologik_e1240
- iologik_e1242
- iologik_e1211
- iologik_e1212_firmware
- iologik_e1211_firmware
- iologik_e1214_firmware
- iologik_e1241_firmware
- iologik_e1241
- iologik_e1213_firmware
- iologik_e1262_firmware
- iologik_e1210_firmware
- iologik_e1240_firmware
- iologik_e1260_firmware
CWE
CWE-352
Cross-Site Request Forgery (CSRF)