Main Vulnerability Database SB2016101808

SB2016101808 - Cross-site request forgery in Moxa ioLogik

Published: October 18, 2016

Security Bulletin ID SB2016101808

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Cross-site request forgery (CVE-ID: CVE-2016-8350)

CWE-ID: CWE-352 - Cross-Site Request Forgery (CSRF)

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote unauthenticated user to perform cross-site request forgery attack on the target system.
The weakness is due to improper request verification that allows attackers to conduct CSRF attack.
Successful exploitation of the vulnerability may result in full vulnerable system compromise.

Remediation

Install update from vendor's website.

References

https://ics-cert.us-cert.gov/advisories/ICSA-16-287-05