CVE-2023-4217

Published Nov 2, 2023

Last updated a year ago

CVSS medium 5.3

Overview

Description: A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.
Source: psirt@moxa.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.3
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-668
psirt@moxa.com: CWE-1004

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:moxa:eds-g503:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "80A7E418-48BA-42E7-B0C6-AD9A3F1E18E8"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:moxa:eds-g503_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FEE72D70-1B7F-4F7C-ABA5-1542A0B4DC64",
            "versionEndExcluding": "5.2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References