CVE-2023-4227

ioLogik 4000 Series: Existence of an Unauthorized Service

Description

A vulnerability has been identified in the ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which can be exploited by malicious actors to potentially gain unauthorized access to the product. This could lead to security breaches, data theft, and unauthorized manipulation of sensitive information. The vulnerability is attributed to the presence of an unauthorized service, which could potentially enable unauthorized access to the. device.

Remediation

Solution:

Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below. * ioLogik 4000 Series (ioLogik E4200): Please contact Moxa Technical Support for the security patch.

References

Link	Tags
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230310-iologik-4000-series-multiple-web-server-vulnerabilities-and-improper-access-control-vulnerability	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2023-4227?: CVE-2023-4227 has been scored as a medium severity vulnerability.
How to fix CVE-2023-4227?: To fix CVE-2023-4227: Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below. * ioLogik 4000 Series (ioLogik E4200): Please contact Moxa Technical Support for the security patch.
Is CVE-2023-4227 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2023-4227 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-4227?: CVE-2023-4227 affects Moxa ioLogik 4000 Series.

Description

Remediation

Categories

CWE-489 – Active Debug Code

CWE-863 – Incorrect Authorization

References

Frequently Asked Questions