ioLogik E1200 Series Firmware Vulnerable to CSRF Attacks
CVE-2023-5961

8.8HIGH

Key Information:

Vendor: Moxa
Status: Iologik E1200 Series
Vendor: CVE Published:; 23 December 2023

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the ioLogik E1200 Series firmware, specifically in versions v3.3 and earlier. This security flaw allows an attacker to deceive a client into issuing an unintentional request to the web server. Since the request is processed as if it were a legitimate action by the user, it could enable the attacker to execute operations without the user's consent. It is crucial for users of the affected firmware to take preventive measures to safeguard their systems against potential exploitation.

Affected Version(s)

ioLogik E1200 Series 1.0 <= 3.3

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-5961
Created by HadessCS

References

https://www.moxa.com/en/support/product-support/security-...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

🟡
Public PoC available
Feb 1, 2024
👾
Exploit known to exist
Feb 1, 2024
Vulnerability published
Dec 23, 2023
Vulnerability Reserved
Nov 6, 2023

Credit

Reza Rashidi from HADESS