Cross-Site Request Forgery in Moxa ioLogik Devices
CVE-2016-8350

6.3MEDIUM

Key Information:

Vendor: Moxa
Status: Moxa Iologik E1200 Series Before 3.12
Vendor: CVE Published:; 13 February 2017

Summary

A security flaw has been identified in Moxa ioLogik devices that permits attackers to perform unauthorized actions on behalf of legitimate users. The issue arises when the web application fails to properly validate incoming requests, potentially allowing malicious exploitation through crafted requests. The affected devices include a range of ioLogik E1210 to E2262 models with various firmware versions, making it imperative for users to apply the latest firmware updates to mitigate this vulnerability.

Affected Version(s)

Moxa ioLogik E1200 Series before 3.12 Moxa ioLogik E1200 Series before 3.12

References

https://ics-cert.us-cert.gov/advisories/ICSA-16-287-05

x_refsource_MISC

http://www.securityfocus.com/bid/93550

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 13, 2017
Vulnerability Reserved
Sep 28, 2016