CVE-2016-9344

EUVD-2016-10154
An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
Affected Products (NVD)
VendorProductVersion
moxamiineport_e1_firmware
𝑥
≤ 1.7
moxamiineport_e2_firmware
𝑥
≤ 1.3
moxamiineport_e3_firmware
𝑥
≤ 1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/94783
https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01
http://www.securityfocus.com/bid/94783
https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01