PT-2017-9637 · Moxa · Iologik E1214+16

Published

2017-02-13

·

Updated

2021-05-19

·

CVE-2016-8359

CVSS v3.1

6.1

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Moxa ioLogik E1210 versions V2.4 and prior Moxa ioLogik E1211 versions V2.3 and prior Moxa ioLogik E1212 versions V2.4 and prior Moxa ioLogik E1213 versions V2.5 and prior Moxa ioLogik E1214 versions V2.4 and prior Moxa ioLogik E1240 versions V2.3 and prior Moxa ioLogik E1241 versions V2.4 and prior Moxa ioLogik E1242 versions V2.4 and prior Moxa ioLogik E1260 versions V2.4 and prior Moxa ioLogik E1262 versions V2.4 and prior Moxa ioLogik E2210 versions prior to V3.13 Moxa ioLogik E2212 versions prior to V3.14 Moxa ioLogik E2214 versions prior to V3.12 Moxa ioLogik E2240 versions prior to V3.12 Moxa ioLogik E2242 versions prior to V3.12 Moxa ioLogik E2260 versions prior to V3.13 Moxa ioLogik E2262 versions prior to V3.12
Description The web application of the affected Moxa ioLogik devices fails to sanitize user input, which may allow an attacker to inject script or execute arbitrary code. This issue is related to CROSS-SITE SCRIPTING.
Recommendations For Moxa ioLogik E1210, update to a version later than V2.4. For Moxa ioLogik E1211, update to a version later than V2.3. For Moxa ioLogik E1212, update to a version later than V2.4. For Moxa ioLogik E1213, update to a version later than V2.5. For Moxa ioLogik E1214, update to a version later than V2.4. For Moxa ioLogik E1240, update to a version later than V2.3. For Moxa ioLogik E1241, update to a version later than V2.4. For Moxa ioLogik E1242, update to a version later than V2.4. For Moxa ioLogik E1260, update to a version later than V2.4. For Moxa ioLogik E1262, update to a version later than V2.4. For Moxa ioLogik E2210, update to a version V3.13 or later. For Moxa ioLogik E2212, update to a version V3.14 or later. For Moxa ioLogik E2214, update to a version V3.12 or later. For Moxa ioLogik E2240, update to a version V3.12 or later. For Moxa ioLogik E2242, update to a version V3.12 or later. For Moxa ioLogik E2260, update to a version V3.13 or later. For Moxa ioLogik E2262, update to a version V3.12 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2016-8359

Affected Products

Iologik E1210
Iologik E1211
Iologik E1212
Iologik E1213
Iologik E1214
Iologik E1240
Iologik E1241
Iologik E1242
Iologik E1260
Iologik E1262
Iologik E2210
Iologik E2212
Iologik E2214
Iologik E2240
Iologik E2242
Iologik E2260
Iologik E2262