CVE-2023-5961

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an authentic request. This vulnerability may lead an attacker to perform operations on behalf of the victimized user.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MoxaCNA
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
VendorProductVersion
moxaiologik_e1210_firmware
𝑥
< 3.3
moxaiologik_e1211_firmware
𝑥
< 3.3
moxaiologik_e1212_firmware
𝑥
< 3.3
moxaiologik_e1213_firmware
𝑥
< 3.3
moxaiologik_e1214_firmware
𝑥
< 3.3
moxaiologik_e1240_firmware
𝑥
< 3.3
moxaiologik_e1241_firmware
𝑥
< 3.3
moxaiologik_e1242_firmware
𝑥
< 3.3
moxaiologik_e1260_firmware
𝑥
< 3.3
moxaiologik_e1262_firmware
𝑥
< 3.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-235250-iologik-e1200-series-web-server-vulnerability
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-235250-iologik-e1200-series-web-server-vulnerability