ioLogik E1200 Series Web Server Vulnerability

Moxa Security Advisory

The ioLogik E1200 Series prior to version 3.3 is affected by web application vulnerabilities.

CVE-2023-5961

A vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an authentic request.

CVE-2023-5962

A vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. This vulnerability can help an attacker compromise the confidentiality of sensitive data.

The identified vulnerability types and potential impacts are shown below:

| Item | Vulnerability Type | Impact |
|------|--------------------|--------|
| 1 | Cross-Site Request Forgery (CSRF) (CWE-352), CVE-2023-5961 | This vulnerability may lead an attacker to perform operations on behalf of the victimized user. |
| 2 | Use of a Broken or Risky Cryptographic Algorithm (CWE-327), CVE-2023-5962 | This vulnerability may lead an attacker to get unexpected authorization. |

Vulnerability Scoring Details

| ID | CVSS V3.1 | VECTOR | REMOTE EXPLOIT WITHOUT AUTH? |
|----|-----------|--------|------------------------------|
| CVE-2023-5961 | 8.8 | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | Yes |
| CVE-2023-5962 | 6.5 | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | No |
