Lucene search

TwcertCVELIST:CVE-2023-28697

HistoryApr 27, 2023 - 12:00 a.m.

CVE-2023-28697 Moxa MiiNePort E1 - Broken Access Control

2023-04-2700:00:00

CWE-306

twcert

www.cve.org

cve-2023-28697

moxa

access control

vulnerability

remote user

system operation

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.4%

JSON

Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to perform arbitrary system operation or disrupt service.

CNA Affected

[
  {
    "vendor": "Moxa",
    "product": "MiiNePort E1",
    "versions": [
      {
        "version": "1.7.2",
        "status": "affected"
      }
    ]
  }
]

References

cdn-cms.azureedge.net/Moxa/media/PDIM/S100000223/MiiNePort%20E1%20Series_moxa-miineport-e1-series-firmware-v1.9.rom_Software%20Release%20History.pdf

www.twcert.org.tw/tw/cp-132-7021-eb43a-1.html

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.4%

JSON

Related for CVELIST:CVE-2023-28697