Details of VAR-202312-1968

ID

VAR-202312-1968

CVE

CVE-2023-5962

TITLE

plural Moxa Inc. Vulnerabilities in the use of cryptographic algorithms in products

Trust: 0.8

sources: JVNDB: JVNDB-2023-023737

DESCRIPTION

A weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. This vulnerability can help an attacker compromise the confidentiality of sensitive data. This vulnerability may lead an attacker to get unexpected authorization. ioLogik e1210 firmware, ioLogik e1211 firmware, ioLogik e1212 firmware etc. Moxa Inc. The product contains vulnerabilities in the use of cryptographic algorithms.Information may be obtained. MOXA ioLogik E1200 Series is a series of general-purpose controllers and I/O devices from China's MOXA company. MOXA ioLogik E1200 Series has an encryption vulnerability that can be exploited by attackers to obtain sensitive information

Trust: 2.16

sources: NVD: CVE-2023-5962 // JVNDB: JVNDB-2023-023737 // CNVD: CNVD-2024-41854

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-41854

AFFECTED PRODUCTS

vendor:	moxa	model:	iologik e1260	scope:	lt	version:	3.3	Trust: 1.0
vendor:	moxa	model:	iologik e1211	scope:	lt	version:	3.3	Trust: 1.0
vendor:	moxa	model:	iologik e1210	scope:	lt	version:	3.3	Trust: 1.0
vendor:	moxa	model:	iologik e1242	scope:	lt	version:	3.3	Trust: 1.0
vendor:	moxa	model:	iologik e1240	scope:	lt	version:	3.3	Trust: 1.0
vendor:	moxa	model:	iologik e1241	scope:	lt	version:	3.3	Trust: 1.0
vendor:	moxa	model:	iologik e1213	scope:	lt	version:	3.3	Trust: 1.0
vendor:	moxa	model:	iologik e1262	scope:	lt	version:	3.3	Trust: 1.0
vendor:	moxa	model:	iologik e1212	scope:	lt	version:	3.3	Trust: 1.0
vendor:	moxa	model:	iologik e1214	scope:	lt	version:	3.3	Trust: 1.0
vendor:	moxa	model:	iologik e1240	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e1241	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e1211	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e1210	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e1213	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e1260	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e1214	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e1242	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e1212	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e1262	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e1200 series	scope:	lt	version:	3.3	Trust: 0.6

sources: CNVD: CNVD-2024-41854 // JVNDB: JVNDB-2023-023737 // NVD: CVE-2023-5962

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-5962
value:	MEDIUM
Trust: 1.0
psirt@moxa.com:	CVE-2023-5962
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2023-5962
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2024-41854
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2024-41854
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2023-5962
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2023-5962
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2024-41854 // JVNDB: JVNDB-2023-023737 // NVD: CVE-2023-5962 // NVD: CVE-2023-5962

PROBLEMTYPE DATA

problemtype:	CWE-328	Trust: 1.0
problemtype:	CWE-327	Trust: 1.0
problemtype:	Use of incomplete or dangerous cryptographic algorithms (CWE-327) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-023737 // NVD: CVE-2023-5962

PATCH

title:

Patch for MOXA ioLogik E1200 Series Encryption Issue Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/601586

Trust: 0.6

sources: CNVD: CNVD-2024-41854

EXTERNAL IDS

db:	NVD	id:	CVE-2023-5962	Trust: 3.2
db:	JVNDB	id:	JVNDB-2023-023737	Trust: 0.8
db:	CNVD	id:	CNVD-2024-41854	Trust: 0.6

sources: CNVD: CNVD-2024-41854 // JVNDB: JVNDB-2023-023737 // NVD: CVE-2023-5962

REFERENCES

url:	https://www.moxa.com/en/support/product-support/security-advisory/mpsa-235250-iologik-e1200-series-web-server-vulnerability	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2023-5962	Trust: 0.8

sources: CNVD: CNVD-2024-41854 // JVNDB: JVNDB-2023-023737 // NVD: CVE-2023-5962

SOURCES

db:	CNVD	id:	CNVD-2024-41854
db:	JVNDB	id:	JVNDB-2023-023737
db:	NVD	id:	CVE-2023-5962

LAST UPDATE DATE

2024-10-29T23:50:06.391000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-41854	date:	2024-10-28T00:00:00
db:	JVNDB	id:	JVNDB-2023-023737	date:	2024-01-29T07:01:00
db:	NVD	id:	CVE-2023-5962	date:	2024-10-28T07:15:07.333

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-41854	date:	2024-10-28T00:00:00
db:	JVNDB	id:	JVNDB-2023-023737	date:	2024-01-29T00:00:00
db:	NVD	id:	CVE-2023-5962	date:	2023-12-23T09:15:08.050