FKIE_CVE-2023-5961

Vulnerability from fkie_nvd - Published: 2023-12-23 09:15 - Updated: 2024-11-21 08:42
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an authentic request. This vulnerability may lead an attacker to perform operations on behalf of the victimized user.
References
psirt@moxa.comhttps://www.moxa.com/en/support/product-support/security-advisory/mpsa-235250-iologik-e1200-series-web-server-vulnerabilityVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.moxa.com/en/support/product-support/security-advisory/mpsa-235250-iologik-e1200-series-web-server-vulnerabilityVendor Advisory
Impacted products
Vendor Product Version
moxa iologik_e1210_firmware *
moxa iologik_e1210 -
moxa iologik_e1211_firmware *
moxa iologik_e1211 -
moxa iologik_e1212_firmware *
moxa iologik_e1212 -
moxa iologik_e1213_firmware *
moxa iologik_e1213 -
moxa iologik_e1214_firmware *
moxa iologik_e1214 -
moxa iologik_e1240_firmware *
moxa iologik_e1240 -
moxa iologik_e1241_firmware *
moxa iologik_e1241 -
moxa iologik_e1242_firmware *
moxa iologik_e1242 -
moxa iologik_e1260_firmware *
moxa iologik_e1260 -
moxa iologik_e1262_firmware *
moxa iologik_e1262 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:iologik_e1210_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF14969B-6E9F-4553-96EB-7BE6C5834260",
              "versionEndExcluding": "3.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:iologik_e1210:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "67DDCD42-10D5-46B2-AB91-66EF30D5D645",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:iologik_e1211_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D03FA4E2-4A30-4ED9-BA4D-5546FC0BA939",
              "versionEndExcluding": "3.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:iologik_e1211:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "308E46FB-488A-4907-9A69-AACDE23A3394",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:iologik_e1212_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA133D93-4A1D-419A-92C5-C0C0A35187B5",
              "versionEndExcluding": "3.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:iologik_e1212:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "616E5D0B-0D3A-4808-8C15-2FDC35E8605C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:iologik_e1213_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E39755B-9625-4D95-B425-BD28B60180CA",
              "versionEndExcluding": "3.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:iologik_e1213:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AAE4F4E-779C-401F-A75E-AC66757DD313",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:iologik_e1214_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F59B517D-63C4-4FE5-A89F-B2A235E8239A",
              "versionEndExcluding": "3.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:iologik_e1214:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0837606-60F7-4563-8F80-AE7C1CC3F469",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:iologik_e1240_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "90601A69-F749-4E68-A034-74B9F046436F",
              "versionEndExcluding": "3.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:iologik_e1240:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "77A9D90D-0419-410C-AF65-0FFE0FF2882F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:iologik_e1241_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "38280BA6-C262-45AC-AD33-813523F64DAB",
              "versionEndExcluding": "3.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:iologik_e1241:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3239D045-8A7C-4407-B77C-E82C178D8B90",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:iologik_e1242_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB237801-4287-4A30-8CE8-DB90FAB5C118",
              "versionEndExcluding": "3.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:iologik_e1242:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D40DF4C-0EA9-44B0-8D8C-D1FC2AB5A357",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:iologik_e1260_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACDAE3E7-675E-44BF-BD57-BF5C31B969A5",
              "versionEndExcluding": "3.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:iologik_e1260:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0B4FA04-BF84-4B8A-A295-0312A3790F2E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:iologik_e1262_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "485CCB1F-A642-48B2-A8AD-4A7EBB5791BD",
              "versionEndExcluding": "3.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:iologik_e1262:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3366C39B-50FD-497B-A6A1-875CEB8913C5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Cross-Site Request Forgery (CSRF) vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an authentic request. This vulnerability may lead an attacker to perform operations on behalf of the victimized user.\n\n"
    },
    {
      "lang": "es",
      "value": "Se identific\u00f3 una vulnerabilidad de Cross-Site Request Forgery (CSRF) en las versiones de firmware de la serie ioLogik E1200 v3.3 y anteriores. Un atacante puede aprovechar esta vulnerabilidad para enga\u00f1ar a un cliente para que realice una solicitud no intencionada al servidor web, que ser\u00e1 tratada como una solicitud aut\u00e9ntica. Esta vulnerabilidad puede llevar a un atacante a realizar operaciones en nombre del usuario v\u00edctima."
    }
  ],
  "id": "CVE-2023-5961",
  "lastModified": "2024-11-21T08:42:52.213",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "psirt@moxa.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-12-23T09:15:07.730",
  "references": [
    {
      "source": "psirt@moxa.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-235250-iologik-e1200-series-web-server-vulnerability"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-235250-iologik-e1200-series-web-server-vulnerability"
    }
  ],
  "sourceIdentifier": "psirt@moxa.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "psirt@moxa.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.