CVE-2023-4228

CWE-1004 CWE-732 — Incorrect Permission Assignment3 documents3 sources

Severity

4.3MEDIUM

EPSS

0.2%

top 59.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moxa Iologik 4000 Series Moxa Iologik E4200 Firmware

Timeline

PublishedAug 24

Description

A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 1.6 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5moxa/iologik_4000_series1.0 — 1.6

▶NVDmoxa/iologik_e4200_firmware1.6

🔴Vulnerability Details

GHSA

GHSA-h2ff-jxxj-cmx7: A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1↗2023-08-24

▶

CVEList

ioLogik 4000 Series: Session Cookies Attribute Not Set Properly↗2023-08-24

▶