CVE-2023-4229 - OpenCVE

A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, potentially exposing users to security risks. This vulnerability may allow attackers to trick users into interacting with malicious content, leading to unintended actions or unauthorized data disclosures.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Moxa	Iologik E4200 Iologik E4200 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:moxa:iologik_e4200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:iologik_e4200:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230310-iologik-4000-series-multiple-web-server-vulnerabilities-and-improper-access-control-vulnerability

History

No history.

MITRE

Status: PUBLISHED

Assigner: Moxa

Published: 2023-08-24T06:33:44.358Z

Updated: 2024-08-02T07:24:02.976Z

Reserved: 2023-08-08T07:25:41.151Z

Link: CVE-2023-4229

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-08-24T07:15:11.930

Modified: 2023-08-29T23:35:40.940

Link: CVE-2023-4229

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-4229", "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "state": "PUBLISHED", "assignerShortName": "Moxa", "dateReserved": "2023-08-08T07:25:41.151Z", "datePublished": "2023-08-24T06:33:44.358Z", "dateUpdated": "2024-08-02T07:24:02.976Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ioLogik 4000 Series", "vendor": "Moxa", "versions": [{"lessThanOrEqual": "1.6", "status": "affected", "version": "1.0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, potentially exposing users to security risks. This vulnerability may allow attackers to trick users into interacting with malicious content, leading to unintended actions or unauthorized data disclosures."}], "value": "A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, potentially exposing users to security risks. This vulnerability may allow attackers to trick users into interacting with malicious content, leading to unintended actions or unauthorized data disclosures."}], "impacts": [{"capecId": "CAPEC-103", "descriptions": [{"lang": "en", "value": "CAPEC-103: Clickjacking"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1021", "description": "CWE-1021: Improper Restriction of Rendered UI Layers or Frames", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "shortName": "Moxa", "dateUpdated": "2023-08-24T06:33:44.358Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230310-iologik-4000-series-multiple-web-server-vulnerabilities-and-improper-access-control-vulnerability"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.<br><ul><li>ioLogik 4000 Series (ioLogik E4200): Please contact Moxa Technical Support for the security patch.</li></ul>"}], "value": "Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.\n * ioLogik 4000 Series (ioLogik E4200): Please contact Moxa Technical Support for the security patch.\n\n\n"}], "source": {"discovery": "EXTERNAL"}, "title": "ioLogik 4000 Series: Session Headers Not Implemented", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:24:02.976Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230310-iologik-4000-series-multiple-web-server-vulnerabilities-and-improper-access-control-vulnerability"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_e4200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AEF12B05-ED1F-4200-95AA-04D902B38DD7", "versionEndIncluding": "1.6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_e4200:-:*:*:*:*:*:*:*", "matchCriteriaId": "CDD86C52-2E62-4B05-B3A3-5EA4A97F9332", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, potentially exposing users to security risks. This vulnerability may allow attackers to trick users into interacting with malicious content, leading to unintended actions or unauthorized data disclosures."}], "id": "CVE-2023-4229", "lastModified": "2023-08-29T23:35:40.940", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@moxa.com", "type": "Secondary"}]}, "published": "2023-08-24T07:15:11.930", "references": [{"source": "psirt@moxa.com", "tags": ["Vendor Advisory"], "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230310-iologik-4000-series-multiple-web-server-vulnerabilities-and-improper-access-control-vulnerability"}], "sourceIdentifier": "psirt@moxa.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1021"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-1021"}], "source": "psirt@moxa.com", "type": "Secondary"}]}