CVE-2023-4227 — Active Debug Code in Iologik 4000 Series

CWE-489 — Active Debug Code CWE-863 — Incorrect Authorization CWE-284 — Improper Access Control3 documents3 sources

Severity

6.5MEDIUMNVD

CNA5.3

EPSS

0.2%

top 62.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moxa Iologik 4000 Series Moxa Iologik E4200 Firmware

Timeline

PublishedAug 24

Description

A vulnerability has been identified in the ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which can be exploited by malicious actors to potentially gain unauthorized access to the product. This could lead to security breaches, data theft, and unauthorized manipulation of sensitive information. The vulnerability is attributed to the presence of an unauthorized service, which could potentially enable unauthorized access to the. device.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages2 packages

▶CVEListV5moxa/iologik_4000_series1.0 — 1.6

▶NVDmoxa/iologik_e4200_firmware1.6

🔴Vulnerability Details

CVEList

ioLogik 4000 Series: Existence of an Unauthorized Service↗2023-08-24

▶

GHSA

GHSA-wxp5-9w64-pp68: A vulnerability has been identified in the ioLogik 4000 Series (ioLogik E4200) firmware versions v1↗2023-08-24

▶