8.8

CVE-2023-5961

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an authentic request. This vulnerability may lead an attacker to perform operations on behalf of the victimized user.

Data provided by the National Vulnerability Database (NVD)
Moxa ioLogik E1210 Firmware, Version < 3.3
   Moxa ioLogik E1210, Version -
Moxa ioLogik E1211 Firmware, Version < 3.3
   Moxa ioLogik E1211, Version -
Moxa ioLogik E1212 Firmware, Version < 3.3
   Moxa ioLogik E1212, Version -
Moxa ioLogik E1213 Firmware, Version < 3.3
   Moxa ioLogik E1213, Version -
Moxa ioLogik E1214 Firmware, Version < 3.3
   Moxa ioLogik E1214, Version -
Moxa ioLogik E1240 Firmware, Version < 3.3
   Moxa ioLogik E1240, Version -
Moxa ioLogik E1241 Firmware, Version < 3.3
   Moxa ioLogik E1241, Version -
Moxa ioLogik E1242 Firmware, Version < 3.3
   Moxa ioLogik E1242, Version -
Moxa ioLogik E1260 Firmware, Version < 3.3
   Moxa ioLogik E1260, Version -
Moxa ioLogik E1262 Firmware, Version < 3.3
   Moxa ioLogik E1262, Version -
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type | Source    | Score | Percentile
EPSS | FIRST.org | 0.14% | 0.342
CVSS Metrics
Source         | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov   | 8.8        | 2.8           | 5.9          | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
psirt@moxa.com | 8.8        | 2.8           | 5.9          | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.