Cross-Site Scripting Vulnerability in Moxa ioLogik Products
CVE-2016-8359

6.1MEDIUM

Key Information:

Vendor: Moxa
Status: Moxa Iologik E1200 Series Before 3.12
Vendor: CVE Published:; 13 February 2017

Summary

A vulnerability has been identified in Moxa ioLogik E series devices where the web application fails to properly sanitize user input. This flaw can enable attackers to inject harmful scripts or execute arbitrary code through cross-site scripting attacks. The affected devices include various models with specific firmware versions that have not addressed this security oversight.

Affected Version(s)

Moxa ioLogik E1200 Series before 3.12 Moxa ioLogik E1200 Series before 3.12

References

https://ics-cert.us-cert.gov/advisories/ICSA-16-287-05

x_refsource_MISC

http://www.securityfocus.com/bid/93550

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 13, 2017
Vulnerability Reserved
Sep 28, 2016