CVE-2016-8359 — MEDIUM (6.1)

Q: How severe is CVE-2016-8359?

CVE-2016-8359 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-8359?

Check the references section above for vendor advisories and patch information. Affected products include: Moxa Iologik E1200 Series Firmware, Moxa Iologik E1210, Moxa Iologik E1212, Moxa Iologik E1214, Moxa Iologik E1241.

Vulnerability Description

An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik E1240, firmware Version V2.3 and prior, ioLogik E1241, firmware Version V2.4 and prior, ioLogik E1242, firmware Version V2.4 and prior, ioLogik E1260, firmware Version V2.4 and prior, ioLogik E1262, firmware Version V2.4 and prior, ioLogik E2210, firmware versions prior to V3.13, ioLogik E2212, firmware versions prior to V3.14, ioLogik E2214, firmware versions prior to V3.12, ioLogik E2240, firmware versions prior to V3.12, ioLogik E2242, firmware versions prior to V3.12, ioLogik E2260, firmware versions prior to V3.13, and ioLogik E2262, firmware versions prior to V3.12. The web application fails to sanitize user input, which may allow an attacker to inject script or execute arbitrary code (CROSS-SITE SCRIPTING).

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Moxa	Iologik E1200 Series Firmware	<= 2.4
Moxa	Iologik E1210	-
Moxa	Iologik E1212	-
Moxa	Iologik E1214	-
Moxa	Iologik E1241	-
Moxa	Iologik E1242	-
Moxa	Iologik E1260	-
Moxa	Iologik E1262	-
Moxa	Iologik E1211	-
Moxa	Iologik E1240	-
Moxa	Iologik E1213	-
Moxa	Iologik E2200 Series Firmware	<= 3.11
Moxa	Iologik E2214	-
Moxa	Iologik E2240	-
Moxa	Iologik E2242	-
Moxa	Iologik E2262	-
Moxa	Iologik E2210	-
Moxa	Iologik E2260	-
Moxa	Iologik E2212	-

Related Weaknesses (CWE)

CWE-79

References

http://www.securityfocus.com/bid/93550Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-16-287-05Third Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/93550Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-16-287-05Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2016-8359?

CVE-2016-8359 is a vulnerability with a CVSS score of 6.1 (MEDIUM). An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware ...

How severe is CVE-2016-8359?

CVE-2016-8359 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-8359?

Check the references section above for vendor advisories and patch information. Affected products include: Moxa Iologik E1200 Series Firmware, Moxa Iologik E1210, Moxa Iologik E1212, Moxa Iologik E1214, Moxa Iologik E1241.