PT-2023-4555 · Moxa · Iologik 4000 Series

Published: 2023-08-24 · Updated: 2023-08-29 · CVE-2023-4228

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: ioLogik 4000 Series (ioLogik E4200) versions v1.6 and prior

Description: A vulnerability has been identified where session cookie attributes are not set properly, potentially exposing user session data to unauthorized access and manipulation. The issue is related to the use of cookies to store confidential information without the HttpOnly flag, which may allow a remote attacker to gain unauthorized access to protected information.

Recommendations: For ioLogik 4000 Series (ioLogik E4200) versions v1.6 and prior, consider disabling the use of session cookies or restricting access to the affected application until a patch is available. As a temporary workaround, restrict access to sensitive information stored in cookies to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
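
A defender's check for the weakness described above, as an added example that is not part of the original advisory or the vendor's code: it parses Set-Cookie header values and reports which cookies are issued without the HttpOnly attribute. The sample headers and cookie names are constructed for illustration and were not captured from an ioLogik device.

```python
"""Audit Set-Cookie header values for a missing HttpOnly attribute."""


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes dict).

    Attribute names are matched case-insensitively, as browsers do;
    flag attributes such as HttpOnly are stored with the value True.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue  # tolerate a trailing ';'
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else True
    return name.strip(), value.strip(), attrs


def cookies_missing_httponly(set_cookie_values):
    """Return names of cookies that page scripts can read via document.cookie."""
    missing = []
    for raw in set_cookie_values:
        name, _value, attrs = parse_set_cookie(raw)
        if name and "httponly" not in attrs:
            missing.append(name)
    return missing


# Constructed sample responses (hypothetical cookie names and values).
SAMPLE_HEADERS = [
    "SESSIONID=3f9a1c; Path=/",                         # no HttpOnly
    "SESSIONID=3f9a1c; Path=/; HttpOnly",               # flag present
    "token=abc123; path=/; httponly; SameSite=Strict",  # lowercase flag
    "lang=en; Path=/; Max-Age=3600;",                   # trailing ';', no flag
    "note=HttpOnly; Path=/",                            # flag text in value only
]

if __name__ == "__main__":
    for cookie_name in cookies_missing_httponly(SAMPLE_HEADERS):
        print(f"cookie {cookie_name!r} is set without HttpOnly")
```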

Incorrect Permission

Weakness Enumeration

Related Identifiers

BDU:2023-04961
CVE-2023-4228

Affected Products

Iologik 4000 Series