{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-5962","assignerOrgId":"2e0a0ee2-d866-482a-9f5e-ac03d156dbaa","state":"PUBLISHED","assignerShortName":"Moxa","dateReserved":"2023-11-06T07:47:33.243Z","datePublished":"2023-12-23T09:09:01.920Z","dateUpdated":"2024-10-28T06:14:46.184Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"ioLogik E1200 Series","vendor":"Moxa","versions":[{"lessThanOrEqual":"3.3","status":"affected","version":"1.0","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","user":"00000000-0000-4000-9000-000000000000","value":"Reza Rashidi from HADESS"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>A weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. This vulnerability can help an attacker compromise the confidentiality of sensitive data. This vulnerability may lead an attacker to get unexpected authorization.</p>"}],"value":"A weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. This vulnerability can help an attacker compromise the confidentiality of sensitive data. This vulnerability may lead an attacker to get unexpected authorization."}],"impacts":[{"capecId":"CAPEC-20","descriptions":[{"lang":"en","value":"CAPEC-20: Encryption Brute Forcing"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-328","description":"CWE-328: Use of Weak Hash","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"2e0a0ee2-d866-482a-9f5e-ac03d156dbaa","shortName":"Moxa","dateUpdated":"2024-10-28T06:14:46.184Z"},"references":[{"tags":["vendor-advisory"],"url":"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-235250-iologik-e1200-series-web-server-vulnerability"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below. </p><p></p><ul><li>ioLogik E1200 Series : Please contact Moxa Technical Support for the <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/tw/support/technical-support\">security patch (v3.3.7).</a></li></ul><p></p>"}],"value":"Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below. \n\n\n\n  *  ioLogik E1200 Series : Please contact Moxa Technical Support for the  security patch (v3.3.7). https://www.moxa.com/tw/support/technical-support"}],"source":{"discovery":"EXTERNAL"},"title":"ioLogik E1200 Series: Weak Cryptographic Algorithm Vulnerability","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T08:14:25.146Z"},"title":"CVE Program Container","references":[{"tags":["vendor-advisory","x_transferred"],"url":"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-235250-iologik-e1200-series-web-server-vulnerability"}]}]}}