{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5962", "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "state": "PUBLISHED", "assignerShortName": "Moxa", "dateReserved": "2023-11-06T07:47:33.243Z", "datePublished": "2023-12-23T09:09:01.920Z", "dateUpdated": "2024-08-02T08:14:25.146Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ioLogik E1200 Series", "vendor": "Moxa", "versions": [{"lessThanOrEqual": "3.3", "status": "affected", "version": "1.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Reza Rashidi from HADESS"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>A weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. This vulnerability can help an attacker compromise the confidentiality of sensitive data. This vulnerability may lead an attacker to get unexpected authorization.</p>"}], "value": "A weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. This vulnerability can help an attacker compromise the confidentiality of sensitive data. This vulnerability may lead an attacker to get unexpected authorization.\n\n"}], "impacts": [{"capecId": "CAPEC-20", "descriptions": [{"lang": "en", "value": "CAPEC-20: Encryption Brute Forcing"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-327", "description": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "shortName": "Moxa", "dateUpdated": "2023-12-23T09:09:01.920Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-235250-iologik-e1200-series-web-server-vulnerability"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below. </p><p></p><ul><li>ioLogik E1200 Series : Please contact Moxa Technical Support for the <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/tw/support/technical-support\">security patch (v3.3.7).</a></li></ul><p></p>"}], "value": "Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below. \n\n\n\n * ioLogik E1200 Series : Please contact Moxa Technical Support for the security patch (v3.3.7). https://www.moxa.com/tw/support/technical-support \n\n\n\n\n"}], "source": {"discovery": "EXTERNAL"}, "title": "ioLogik E1200 Series: Weak Cryptographic Algorithm Vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:14:25.146Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-235250-iologik-e1200-series-web-server-vulnerability"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_e1210_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CF14969B-6E9F-4553-96EB-7BE6C5834260", "versionEndExcluding": "3.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_e1210:-:*:*:*:*:*:*:*", "matchCriteriaId": "67DDCD42-10D5-46B2-AB91-66EF30D5D645", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_e1211_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D03FA4E2-4A30-4ED9-BA4D-5546FC0BA939", "versionEndExcluding": "3.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_e1211:-:*:*:*:*:*:*:*", "matchCriteriaId": "308E46FB-488A-4907-9A69-AACDE23A3394", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_e1212_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA133D93-4A1D-419A-92C5-C0C0A35187B5", "versionEndExcluding": "3.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_e1212:-:*:*:*:*:*:*:*", "matchCriteriaId": "616E5D0B-0D3A-4808-8C15-2FDC35E8605C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_e1213_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E39755B-9625-4D95-B425-BD28B60180CA", "versionEndExcluding": "3.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_e1213:-:*:*:*:*:*:*:*", "matchCriteriaId": "9AAE4F4E-779C-401F-A75E-AC66757DD313", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_e1214_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F59B517D-63C4-4FE5-A89F-B2A235E8239A", "versionEndExcluding": "3.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_e1214:-:*:*:*:*:*:*:*", "matchCriteriaId": "A0837606-60F7-4563-8F80-AE7C1CC3F469", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_e1240_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "90601A69-F749-4E68-A034-74B9F046436F", "versionEndExcluding": "3.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_e1240:-:*:*:*:*:*:*:*", "matchCriteriaId": "77A9D90D-0419-410C-AF65-0FFE0FF2882F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_e1241_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "38280BA6-C262-45AC-AD33-813523F64DAB", "versionEndExcluding": "3.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_e1241:-:*:*:*:*:*:*:*", "matchCriteriaId": "3239D045-8A7C-4407-B77C-E82C178D8B90", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_e1242_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB237801-4287-4A30-8CE8-DB90FAB5C118", "versionEndExcluding": "3.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_e1242:-:*:*:*:*:*:*:*", "matchCriteriaId": "5D40DF4C-0EA9-44B0-8D8C-D1FC2AB5A357", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_e1260_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "ACDAE3E7-675E-44BF-BD57-BF5C31B969A5", "versionEndExcluding": "3.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_e1260:-:*:*:*:*:*:*:*", "matchCriteriaId": "B0B4FA04-BF84-4B8A-A295-0312A3790F2E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_e1262_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "485CCB1F-A642-48B2-A8AD-4A7EBB5791BD", "versionEndExcluding": "3.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_e1262:-:*:*:*:*:*:*:*", "matchCriteriaId": "3366C39B-50FD-497B-A6A1-875CEB8913C5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. This vulnerability can help an attacker compromise the confidentiality of sensitive data. This vulnerability may lead an attacker to get unexpected authorization.\n\n"}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad de algoritmo criptogr\u00e1fico d\u00e9bil en las versiones de firmware de la serie ioLogik E1200 v3.3 y anteriores. Esta vulnerabilidad puede ayudar a un atacante a comprometer la confidencialidad de datos confidenciales. Esta vulnerabilidad puede llevar a un atacante a obtener una autorizaci\u00f3n inesperada."}], "id": "CVE-2023-5962", "lastModified": "2024-01-03T20:04:06.947", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@moxa.com", "type": "Secondary"}]}, "published": "2023-12-23T09:15:08.050", "references": [{"source": "psirt@moxa.com", "tags": ["Vendor Advisory"], "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-235250-iologik-e1200-series-web-server-vulnerability"}], "sourceIdentifier": "psirt@moxa.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-327"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-327"}], "source": "psirt@moxa.com", "type": "Secondary"}]}

{}