Vulnerability Details : CVE-2023-4228
A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.
Vulnerability category: Bypass
Products affected by CVE-2023-4228
- cpe:2.3:o:moxa:iologik_e4200_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-4228
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 28 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-4228
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |
2.8
|
1.4
|
NIST | |
3.1
|
LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N |
1.6
|
1.4
|
Moxa Inc. |
CWE ids for CVE-2023-4228
-
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.Assigned by: nvd@nist.gov (Primary)
-
The product uses a cookie to store sensitive information, but the cookie is not marked with the HttpOnly flag.Assigned by: psirt@moxa.com (Secondary)
References for CVE-2023-4228
-
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230310-iologik-4000-series-multiple-web-server-vulnerabilities-and-improper-access-control-vulnerability
ioLogik 4000 Series Multiple Web Server Vulnerabilities and Improper Access Control VulnerabilityVendor Advisory
Jump to