CVE-2023-5961

Published: Dec 23, 2023Modified: Jun 17, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an authentic request. This vulnerability may lead an attacker to perform operations on behalf of the victimized user.

Affected (10)

Products: Moxa: Iologik E1210 Firmware, Iologik E1211 Firmware, Iologik E1212 Firmware, Iologik E1213 Firmware, Iologik E1214 Firmware, Iologik E1240 Firmware, Iologik E1241 Firmware, Iologik E1242 Firmware, Iologik E1260 Firmware, Iologik E1262 Firmware

Moxa

10 products

Iologik E1210 Firmware

Iologik E1211 Firmware

Iologik E1212 Firmware

Iologik E1213 Firmware

Iologik E1214 Firmware

Iologik E1240 Firmware

Iologik E1241 Firmware

Iologik E1242 Firmware

Iologik E1260 Firmware

Iologik E1262 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Iologik E1210 Firmware	Before 3.3

Running on/with	Platform Versions
Moxa Iologik E1210	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Iologik E1211 Firmware	Before 3.3

Running on/with	Platform Versions
Moxa Iologik E1211	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Iologik E1212 Firmware	Before 3.3

Running on/with	Platform Versions
Moxa Iologik E1212	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Iologik E1213 Firmware	Before 3.3

Running on/with	Platform Versions
Moxa Iologik E1213	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Iologik E1214 Firmware	Before 3.3

Running on/with	Platform Versions
Moxa Iologik E1214	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Iologik E1240 Firmware	Before 3.3

Running on/with	Platform Versions
Moxa Iologik E1240	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Iologik E1241 Firmware	Before 3.3

Running on/with	Platform Versions
Moxa Iologik E1241	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Iologik E1242 Firmware	Before 3.3

Running on/with	Platform Versions
Moxa Iologik E1242	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Iologik E1260 Firmware	Before 3.3

Running on/with	Platform Versions
Moxa Iologik E1260	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Iologik E1262 Firmware	Before 3.3

Running on/with	Platform Versions
Moxa Iologik E1262	All versions

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://www.moxa.com/en/support/product-support/security-advisory/mpsa-235250-iologik-e1200-series-web-server-vulnerability

Source: psirt@moxa.com

Vendor Advisory

https://www.moxa.com/en/support/product-support/security-advisory/mpsa-235250-iologik-e1200-series-web-server-vulnerability

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.