Cookie Without Secure Flag
CVE-2023-5035

3.1LOW

Key Information:

Vendor: Moxa
Status: Pt-g503 Series
Vendor: CVE Published:; 2 November 2023

Summary

A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.

Affected Version(s)

PT-G503 Series 1.0 <= 5.2

References

https://www.moxa.com/en/support/product-support/security-...

vendor-advisory

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 2, 2023
Vulnerability Reserved
Sep 18, 2023