Information disclosure in ioLogik - CVE-2016-8379
Published: October 18, 2016
Vulnerability identifier: #VU1025
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-8379
CWE-ID: CWE-521
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Moxa
Affected software:
ioLogik
ioLogik
Detailed vulnerability description
The vulnerability allows a remote unauthenticated user to obtain private data on the target system.
The weakness is due to weak password requirements and allows attakers to gain valid user's passwords.
Successful exploitation of the vulnerability results in disclosure of user's credentials on the vulnerable system.
The weakness is due to weak password requirements and allows attakers to gain valid user's passwords.
Successful exploitation of the vulnerability results in disclosure of user's credentials on the vulnerable system.
How to mitigate CVE-2016-8379
Update firmware to the latest versions.