CVSS: 6.5EPSS: 0%CPEs: 20EXPL: 0CVE-2023-5962 – ioLogik E1200 Series: Weak Cryptographic Algorithm Vulnerability
https://notcve.org/view.php?id=CVE-2023-5962
A weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. This vulnerability can help an attacker compromise the confidentiality of sensitive data. This vulnerability may lead an attacker to get unexpected authorization. Se ha identificado una vulnerabilidad de algoritmo criptográfico débil en las versiones de firmware de la serie ioLogik E1200 v3.3 y anteriores. Esta vulnerabilidad puede ayudar a un atacante a comprometer la confidencialidad de datos confidenciales. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-235250-iologik-e1200-series-web-server-vulnerability • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 8.8EPSS: 0%CPEs: 20EXPL: 1CVE-2023-5961 – ioLogik E1200 Series: Cross-Site Request Forgery (CSRF) Vulnerability
https://notcve.org/view.php?id=CVE-2023-5961
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an authentic request. This vulnerability may lead an attacker to perform operations on behalf of the victimized user. Se identificó una vulnerabilidad de Cross-Site Request Forgery (CSRF) en las versiones de firmware de la serie ioLogik E1200 v3.3 y anteriores. Un atacante puede aprovechar esta vulnerabilidad para engañar a un cliente para que realice una solicitud no intencionada al servidor web, que será tratada como una solicitud auténtica. • https://github.com/HadessCS/CVE-2023-5961 https://www.moxa.com/en/support/product-support/security-advisory/mpsa-235250-iologik-e1200-series-web-server-vulnerability • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-4230 – ioLogik 4000 Series: Server Banner Information Disclosure
https://notcve.org/view.php?id=CVE-2023-4230
A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which has the potential to facilitate the collection of information on ioLogik 4000 Series devices. This vulnerability may enable attackers to gather information for the purpose of assessing vulnerabilities and potential attack vectors. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230310-iologik-4000-series-multiple-web-server-vulnerabilities-and-improper-access-control-vulnerability • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2023-4229 – ioLogik 4000 Series: Session Headers Not Implemented
https://notcve.org/view.php?id=CVE-2023-4229
A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, potentially exposing users to security risks. This vulnerability may allow attackers to trick users into interacting with malicious content, leading to unintended actions or unauthorized data disclosures. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230310-iologik-4000-series-multiple-web-server-vulnerabilities-and-improper-access-control-vulnerability • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-4228 – ioLogik 4000 Series: Session Cookies Attribute Not Set Properly
https://notcve.org/view.php?id=CVE-2023-4228
A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230310-iologik-4000-series-multiple-web-server-vulnerabilities-and-improper-access-control-vulnerability • CWE-732: Incorrect Permission Assignment for Critical Resource CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag •