CVE-2016-2285

moderate-risk
Published 2016-05-31

Cross-site request forgery (CSRF) vulnerability on Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 allows remote attackers to hijack the authentication of arbitrary users.

Do I need to act?

-
0.19% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (5)

Miineport E2 1242 Firmware
Miineport E1 7080 Firmware
Miineport E3 Firmware
Miineport E2 4561 Firmware
Miineport E1 4641 Firmware

Affected Vendors

Moxa

References (4)

http://seclists.org/fulldisclosure/2016/May/7
Third Party Advisory https://ics-cert.us-cert.gov/advisories/ICSA-16-145-01
http://seclists.org/fulldisclosure/2016/May/7
Third Party Advisory https://ics-cert.us-cert.gov/advisories/ICSA-16-145-01
43
/ 100
moderate-risk
Severity 30/34 · Critical
Exploitability 1/34 · Minimal
Exposure 12/34 · Low