PatchSiren cyber security CVE debrief

CVE-2016-8350 Moxa CVE debrief

CVE-2016-8350 describes a cross-site request forgery (CSRF) weakness in the Moxa ioLogik web application. In affected firmware, the interface may not sufficiently verify that a request came from a valid user, which can allow unauthorized state-changing actions through a forged browser request. The issue affects multiple ioLogik E1200-series and E2200-series models at the firmware versions listed by the CVE.

Vendor: Moxa
Product: CVE-2016-8350
CVSS: MEDIUM 6.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-13
Original CVE updated: 2026-05-13
Advisory published: 2017-02-13
Advisory updated: 2026-05-13

Who should care

Operators, OT/ICS administrators, and network defenders responsible for Moxa ioLogik E1210/E1211/E1212/E1213/E1214/E1240/E1241/E1242/E1260/E1262 and E2210/E2212/E2214/E2240/E2242/E2260/E2262 devices should review exposure, especially where the web management interface is reachable from user workstations or shared administrative networks.

Technical summary

NVD records CVE-2016-8350 as CWE-352 (CSRF) with CVSS v3.1 vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L. The published description states that the web application may not sufficiently verify whether a request was provided by a valid user. Affected firmware versions include E1210 V2.4 and prior, E1211 V2.3 and prior, E1212 V2.4 and prior, E1213 V2.5 and prior, E1214 V2.4 and prior, E1240 V2.3 and prior, E1241 V2.4 and prior, E1242 V2.4 and prior, E1260 V2.4 and prior, E1262 V2.4 and prior, and E2210 prior to V3.13, E2212 prior to V3.14, E2214 prior to V3.12, E2240 prior to V3.12, E2242 prior to V3.12, E2260 prior to V3.13, and E2262 prior to V3.12.

Defensive priority

Medium. The CVSS score is 6.3, but the practical risk can increase if the management interface is reachable from normal user browsing environments or broader internal networks.

Recommended defensive actions

  • Verify whether any Moxa ioLogik devices in scope match the affected models and firmware thresholds listed in the CVE.
  • Restrict access to the device web management interface to trusted admin networks, VPNs, or jump hosts only.
  • Apply vendor-recommended firmware updates or mitigations from the Moxa/ICS-CERT advisory path before exposing management access broadly.
  • Limit the use of shared or unmanaged endpoints for administration, and require administrative access only from controlled workstations.
  • Review browser and network controls that reduce cross-site request exposure, such as tight segmentation and access filtering around industrial management interfaces.
  • Reassess any external or internal exposure of the device web UI after remediation to confirm the management plane is no longer broadly reachable.
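The first action above can be scripted against an asset inventory. The following is an added example, not code from Moxa, NVD, or this page's source: it encodes the model and firmware thresholds listed in the technical summary and classifies inventory rows. The inventory rows, the function names, and the choice to compare only major.minor (so "2.5.1" is treated as 2.5 and flagged conservatively) are assumptions.

```python
import re

# Thresholds transcribed from the CVE text quoted on this page.
AT_OR_BELOW = {  # "Vx.y and prior": the listed version itself is affected
    "E1210": (2, 4), "E1211": (2, 3), "E1212": (2, 4), "E1213": (2, 5),
    "E1214": (2, 4), "E1240": (2, 3), "E1241": (2, 4), "E1242": (2, 4),
    "E1260": (2, 4), "E1262": (2, 4),
}
BELOW = {  # "prior to Vx.y": the listed version itself is not affected
    "E2210": (3, 13), "E2212": (3, 14), "E2214": (3, 12), "E2240": (3, 12),
    "E2242": (3, 12), "E2260": (3, 13), "E2262": (3, 12),
}

def parse_model(text):
    """Extract the base model (e.g. 'E1212') from strings like 'ioLogik E1212-T'."""
    m = re.search(r"E[12]2\d{2}", (text or "").upper())
    return m.group(0) if m else None

def parse_version(text):
    """Return (major, minor) as integers so 3.2 sorts below 3.13, or None."""
    m = re.search(r"(\d+)\.(\d+)", text or "")
    return (int(m.group(1)), int(m.group(2))) if m else None

def classify(model_text, firmware_text):
    model = parse_model(model_text)
    if model not in AT_OR_BELOW and model not in BELOW:
        return "not-listed"
    version = parse_version(firmware_text)
    if version is None:
        return "review"  # unknown firmware: check the device by hand
    if model in AT_OR_BELOW:
        hit = version <= AT_OR_BELOW[model]
    else:
        hit = version < BELOW[model]
    return "affected" if hit else "above-threshold"

# Constructed sample inventory (model string, firmware string); not real assets.
SAMPLE_INVENTORY = [
    ("ioLogik E1212", "V2.4"), ("ioLogik E1212", "V2.5"),
    ("ioLogik E2210", "V3.13"), ("ioLogik E2210", "V3.2"),
    ("ioLogik E1213-T", "2.5.1 Build 17"), ("ioLogik E2242", ""),
    ("NPort 5110", "V2.0"),
]

def audit(inventory):
    return [(m, f, classify(m, f)) for m, f in inventory]

if __name__ == "__main__":
    for model, firmware, status in audit(SAMPLE_INVENTORY):
        print(f"{model:18} {firmware:16} {status}")
```

A result of "above-threshold" only means the reported firmware number is above the ceiling listed in the CVE; confirm remediation against the vendor advisory.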

Evidence notes

This debrief is based on the official CVE record, NVD entry, and the referenced ICS-CERT advisory link. The CVE description identifies a CSRF flaw in the Moxa ioLogik web application and lists the affected models and firmware version ceilings. NVD classifies the weakness as CWE-352 and assigns CVSS v3.1 vector AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L (6.3 MEDIUM). CVE publishedAt is 2017-02-13T21:59:00.737Z; the later modified timestamp reflects record updates and should not be treated as the issue date.

Official resources

Publicly disclosed on 2017-02-13. The 2026-05-13 modified timestamp in the source data reflects a later record update, not the original vulnerability date.