Lucene search

MoxaCVELIST:CVE-2023-4229

HistoryAug 24, 2023 - 6:33 a.m.

CVE-2023-4229 ioLogik 4000 Series: Session Headers Not Implemented

2023-08-2406:33:44

CWE-1021

Moxa

www.cve.org

cve-2023-4229

iologik 4000 series

session headers not implemented

security risks

attackers

malicious content

unauthorized data disclosures

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

5 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, potentially exposing users to security risks. This vulnerability may allow attackers to trick users into interacting with malicious content, leading to unintended actions or unauthorized data disclosures.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ioLogik 4000 Series",
    "vendor": "Moxa",
    "versions": [
      {
        "lessThanOrEqual": "1.6",
        "status": "affected",
        "version": "1.0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.moxa.com/en/support/product-support/security-advisory/mpsa-230310-iologik-4000-series-multiple-web-server-vulnerabilities-and-improper-access-control-vulnerability

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

5 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

Related for CVELIST:CVE-2023-4229