PT-2017-10074 · Moxa · Miineport E3+2
Aditya Sood
·
Published
2017-02-13
·
Updated
2017-02-23
·
CVE-2016-9344
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Moxa MiiNePort E1 versions prior to 1.8
Moxa MiiNePort E2 versions prior to 1.4
Moxa MiiNePort E3 versions prior to 1.1
Description
An issue allows an attacker to potentially brute force an active session cookie, enabling them to download configuration files.
Recommendations
For Moxa MiiNePort E1 versions prior to 1.8, update to version 1.8 or later.
For Moxa MiiNePort E2 versions prior to 1.4, update to version 1.4 or later.
For Moxa MiiNePort E3 versions prior to 1.1, update to version 1.1 or later.
Fix
Insertion into Log File
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Miineport E1
Miineport E2
Miineport E3