Details of VAR-202312-1760

ID

VAR-202312-1760

CVE

CVE-2023-5961

TITLE

plural Moxa Inc. Cross-site request forgery vulnerability in product

Trust: 0.8

sources: JVNDB: JVNDB-2023-023738

DESCRIPTION

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an authentic request. This vulnerability may lead an attacker to perform operations on behalf of the victimized user. ioLogik e1210 firmware, ioLogik e1211 firmware, ioLogik e1212 firmware etc. Moxa Inc. The product contains a cross-site request forgery vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. MOXA ioLogik E1200 Series is a series of general-purpose controllers and I/O devices from China's MOXA company

Trust: 2.16

sources: NVD: CVE-2023-5961 // JVNDB: JVNDB-2023-023738 // CNVD: CNVD-2024-41853

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-41853

AFFECTED PRODUCTS

vendor:	moxa	model:	iologik e1241	scope:	lt	version:	3.3	Trust: 1.0
vendor:	moxa	model:	iologik e1242	scope:	lt	version:	3.3	Trust: 1.0
vendor:	moxa	model:	iologik e1213	scope:	lt	version:	3.3	Trust: 1.0
vendor:	moxa	model:	iologik e1240	scope:	lt	version:	3.3	Trust: 1.0
vendor:	moxa	model:	iologik e1260	scope:	lt	version:	3.3	Trust: 1.0
vendor:	moxa	model:	iologik e1262	scope:	lt	version:	3.3	Trust: 1.0
vendor:	moxa	model:	iologik e1214	scope:	lt	version:	3.3	Trust: 1.0
vendor:	moxa	model:	iologik e1211	scope:	lt	version:	3.3	Trust: 1.0
vendor:	moxa	model:	iologik e1212	scope:	lt	version:	3.3	Trust: 1.0
vendor:	moxa	model:	iologik e1210	scope:	lt	version:	3.3	Trust: 1.0
vendor:	moxa	model:	iologik e1240	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e1241	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e1211	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e1210	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e1213	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e1260	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e1214	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e1242	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e1212	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e1262	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e1200 series	scope:	lt	version:	3.3	Trust: 0.6

sources: CNVD: CNVD-2024-41853 // JVNDB: JVNDB-2023-023738 // NVD: CVE-2023-5961

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-5961
value:	HIGH
Trust: 1.0
psirt@moxa.com:	CVE-2023-5961
value:	HIGH
Trust: 1.0
NVD:	CVE-2023-5961
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2024-41853
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2024-41853
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2023-5961
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2023-5961
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2024-41853 // JVNDB: JVNDB-2023-023738 // NVD: CVE-2023-5961 // NVD: CVE-2023-5961

PROBLEMTYPE DATA

problemtype:	CWE-352	Trust: 1.0
problemtype:	Cross-site request forgery (CWE-352) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-023738 // NVD: CVE-2023-5961

PATCH

title:

Patch for MOXA ioLogik E1200 Series Cross-Site Request Forgery Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/601591

Trust: 0.6

sources: CNVD: CNVD-2024-41853

EXTERNAL IDS

db:	NVD	id:	CVE-2023-5961	Trust: 3.2
db:	JVNDB	id:	JVNDB-2023-023738	Trust: 0.8
db:	CNVD	id:	CNVD-2024-41853	Trust: 0.6

sources: CNVD: CNVD-2024-41853 // JVNDB: JVNDB-2023-023738 // NVD: CVE-2023-5961

REFERENCES

url:	https://www.moxa.com/en/support/product-support/security-advisory/mpsa-235250-iologik-e1200-series-web-server-vulnerability	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2023-5961	Trust: 0.8

sources: CNVD: CNVD-2024-41853 // JVNDB: JVNDB-2023-023738 // NVD: CVE-2023-5961

SOURCES

db:	CNVD	id:	CNVD-2024-41853
db:	JVNDB	id:	JVNDB-2023-023738
db:	NVD	id:	CVE-2023-5961

LAST UPDATE DATE

2024-10-29T23:28:48.120000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-41853	date:	2024-10-28T00:00:00
db:	JVNDB	id:	JVNDB-2023-023738	date:	2024-01-29T07:01:00
db:	NVD	id:	CVE-2023-5961	date:	2023-12-28T15:26:49.127

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-41853	date:	2024-10-28T00:00:00
db:	JVNDB	id:	JVNDB-2023-023738	date:	2024-01-29T00:00:00
db:	NVD	id:	CVE-2023-5961	date:	2023-12-23T09:15:07.730