CVE-2023-5035 — LOW (3.1) — White Hats Nepal

Q: How severe is CVE-2023-5035?

CVE-2023-5035 has been rated LOW with a CVSS base score of 3.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-5035?

Check the references section above for vendor advisories and patch information. Affected products include: Moxa Eds-G503 Firmware, Moxa Eds-G503.

Vulnerability Description

A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.

CVSS Score

3.1

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Moxa	Eds-G503 Firmware	< 5.2
Moxa	Eds-G503	-

Related Weaknesses (CWE)

CWE-614 CWE-319

References

https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230203-ptVendor Advisory
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230203-ptVendor Advisory

FAQ

What is CVE-2023-5035?

CVE-2023-5035 is a vulnerability with a CVSS score of 3.1 (LOW). A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be...

How severe is CVE-2023-5035?

CVE-2023-5035 has been rated LOW with a CVSS base score of 3.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-5035?

Check the references section above for vendor advisories and patch information. Affected products include: Moxa Eds-G503 Firmware, Moxa Eds-G503.