CVE-2023-4229 - OpenCVE

A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, potentially exposing users to security risks. This vulnerability may allow attackers to trick users into interacting with malicious content, leading to unintended actions or unauthorized data disclosures.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Moxa	Iologik E4200 Iologik E4200 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:moxa:iologik_e4200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:iologik_e4200:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230310-iologik-4000-series-multiple-web-server-vulnerabilities-and-improper-access-control-vulnerability	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Moxa

Published: 2023-08-24T06:33:44.358Z

Updated: 2023-08-24T06:33:44.358Z

Reserved: 2023-08-08T07:25:41.151Z

Link: CVE-2023-4229

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-08-24T07:15:11.930

Modified: 2023-08-29T23:35:40.940

Link: CVE-2023-4229

JSON object: View

Redhat Information

No data.

CWE

CWE-1021

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-4229", "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "state": "PUBLISHED", "assignerShortName": "Moxa", "dateReserved": "2023-08-08T07:25:41.151Z", "datePublished": "2023-08-24T06:33:44.358Z", "dateUpdated": "2023-08-24T06:33:44.358Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ioLogik 4000 Series", "vendor": "Moxa", "versions": [{"lessThanOrEqual": "1.6", "status": "affected", "version": "1.0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, potentially exposing users to security risks. This vulnerability may allow attackers to trick users into interacting with malicious content, leading to unintended actions or unauthorized data disclosures."}], "value": "A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, potentially exposing users to security risks. This vulnerability may allow attackers to trick users into interacting with malicious content, leading to unintended actions or unauthorized data disclosures."}], "impacts": [{"capecId": "CAPEC-103", "descriptions": [{"lang": "en", "value": "CAPEC-103: Clickjacking"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1021", "description": "CWE-1021: Improper Restriction of Rendered UI Layers or Frames", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "shortName": "Moxa", "dateUpdated": "2023-08-24T06:33:44.358Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230310-iologik-4000-series-multiple-web-server-vulnerabilities-and-improper-access-control-vulnerability"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.<br><ul><li>ioLogik 4000 Series (ioLogik E4200): Please contact Moxa Technical Support for the security patch.</li></ul>"}], "value": "Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.\n * ioLogik 4000 Series (ioLogik E4200): Please contact Moxa Technical Support for the security patch.\n\n\n"}], "source": {"discovery": "EXTERNAL"}, "title": "ioLogik 4000 Series: Session Headers Not Implemented", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_e4200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AEF12B05-ED1F-4200-95AA-04D902B38DD7", "versionEndIncluding": "1.6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_e4200:-:*:*:*:*:*:*:*", "matchCriteriaId": "CDD86C52-2E62-4B05-B3A3-5EA4A97F9332", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, potentially exposing users to security risks. This vulnerability may allow attackers to trick users into interacting with malicious content, leading to unintended actions or unauthorized data disclosures."}], "id": "CVE-2023-4229", "lastModified": "2023-08-29T23:35:40.940", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@moxa.com", "type": "Secondary"}]}, "published": "2023-08-24T07:15:11.930", "references": [{"source": "psirt@moxa.com", "tags": ["Vendor Advisory"], "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230310-iologik-4000-series-multiple-web-server-vulnerabilities-and-improper-access-control-vulnerability"}], "sourceIdentifier": "psirt@moxa.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1021"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-1021"}], "source": "psirt@moxa.com", "type": "Secondary"}]}