{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2023-5962",
        "ASSIGNER": "psirt@moxa.com",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "A weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. This vulnerability can help an attacker compromise the confidentiality of sensitive data. This vulnerability may lead an attacker to get unexpected authorization."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-328: Use of Weak Hash",
                        "cweId": "CWE-328"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Moxa",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "ioLogik E1200 Series",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<=",
                                            "version_name": "1.0",
                                            "version_value": "3.3"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-235250-iologik-e1200-series-web-server-vulnerability",
                "refsource": "MISC",
                "name": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-235250-iologik-e1200-series-web-server-vulnerability"
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.1.0-dev"
    },
    "source": {
        "discovery": "EXTERNAL"
    },
    "solution": [
        {
            "lang": "en",
            "supportingMedia": [
                {
                    "base64": false,
                    "type": "text/html",
                    "value": "<p>Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below. </p><p></p><ul><li>ioLogik E1200 Series : Please contact Moxa Technical Support for the <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/tw/support/technical-support\">security patch (v3.3.7).</a></li></ul><p></p>"
                }
            ],
            "value": "Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below. \n\n\n\n  *  ioLogik E1200 Series : Please contact Moxa Technical Support for the  security patch (v3.3.7). https://www.moxa.com/tw/support/technical-support"
        }
    ],
    "credits": [
        {
            "lang": "en",
            "value": "Reza Rashidi from HADESS"
        }
    ],
    "impact": {
        "cvss": [
            {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
            }
        ]
    }
}