Session Fixation Vulnerability in Moxa MiiNePort Products
CVE-2016-9344

7.5HIGH

Key Information:

Vendor: Moxa
Status: Moxa Miineport
Vendor: CVE Published:; 13 February 2017

Summary

An issue has been identified in Moxa MiiNePort E1, E2, and E3 products prior to specific versions, where an attacker can exploit session fixation vulnerabilities. By brute-forcing an active session cookie, malicious actors may gain unauthorized access to sensitive configuration files, potentially compromising the security and functionality of the affected devices. It is recommended that users update to the latest firmware versions to mitigate associated risks.

Affected Version(s)

Moxa MiiNePort Moxa MiiNePort

References

https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01

x_refsource_MISC

http://www.securityfocus.com/bid/94783

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 13, 2017
Vulnerability Reserved
Nov 16, 2016