CVE-2016-2285

Cross-site request forgery (CSRF) vulnerability on Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 allows remote attackers to hijack the authentication of arbitrary users.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
icscertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
VendorProductVersion
moxamiineport_e2_1242_firmware
1.1
moxamiineport_e2_4561_firmware
1.1
moxamiineport_e1_7080_firmware
1.1.10
moxamiineport_e3_firmware
1.0
moxamiineport_e1_4641_firmware
1.1.10
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://seclists.org/fulldisclosure/2016/May/7
https://ics-cert.us-cert.gov/advisories/ICSA-16-145-01
http://seclists.org/fulldisclosure/2016/May/7
https://ics-cert.us-cert.gov/advisories/ICSA-16-145-01