8.8

CVE-2016-2285

Cross-site request forgery (CSRF) vulnerability on Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 allows remote attackers to hijack the authentication of arbitrary users.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MoxaMiineport E2 1242 Firmware Version1.1
   MoxaMiineport E2 1242 Version-
MoxaMiineport E2 4561 Firmware Version1.1
   MoxaMiineport E2 4561 Version-
MoxaMiineport E1 7080 Firmware Version1.1.10
   MoxaMiineport E1 7080 Version-
MoxaMiineport E3 Firmware Version1.0
   MoxaMiineport E3 Version-
MoxaMiineport E1 4641 Firmware Version1.1.10
   MoxaMiineport E1 4641 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.2% 0.385
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://ics-cert.us-cert.gov/advisories/ICSA-16-145-01
Third Party Advisory
US Government Resource