PatchSiren cyber security CVE debrief
CVE-2016-8359 Moxa CVE debrief
CVE-2016-8359 is a cross-site scripting (XSS) vulnerability in the web application used by multiple Moxa ioLogik devices. According to the NVD record, the issue stems from failure to sanitize user input and can allow an attacker to inject script content, with CVSS 3.1 rated 6.1 (network-based, low attack complexity, no privileges required, user interaction required, and scope changed). The affected products listed in the CVE description include several ioLogik E1200- and E2200-series models with model-specific firmware cutoffs.
- Vendor
- Moxa
- Product
- CVE-2016-8359
- CVSS
- MEDIUM 6.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2017-02-13
- Original CVE updated
- 2026-05-13
- Advisory published
- 2017-02-13
- Advisory updated
- 2026-05-13
Who should care
Operators and administrators of Moxa ioLogik E1200/E2200 deployments, especially OT/ICS teams that expose the device web interface to internal or remote networks. Security teams responsible for industrial automation assets should also review these devices for exposure and firmware status.
Technical summary
The reported weakness is CWE-79 (improper neutralization of input during web page generation). NVD describes the flaw as unsanitized user input in the ioLogik web application, which may permit script injection and related code execution in the browser context. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) indicates a remotely reachable issue that depends on a victim interacting with crafted content or a manipulated web page/session.
Defensive priority
Medium severity, but higher operational priority if any affected ioLogik web interface is reachable from shared or untrusted networks. Treat as time-sensitive in OT environments because browser-side injection against device management interfaces can affect integrity of administration sessions.
Recommended defensive actions
- Identify all Moxa ioLogik E1200- and E2200-series devices in inventory and verify exact firmware versions against the CVE's affected ranges.
- Update each affected device to a vendor-fixed firmware release, using Moxa's guidance for the specific model.
- Restrict access to the device web interface to trusted administrative networks only; avoid direct exposure to broader enterprise or internet-facing segments.
- Use least-privilege admin access and separate management sessions from general browsing to reduce user-interaction risk.
- Review any browser-based management workflow for signs of injected content or unexpected redirects, especially on devices still running affected firmware.
- If patching is delayed, apply compensating controls such as network segmentation, access controls, and monitoring of management traffic.
Evidence notes
The debrief is based on the supplied NVD-derived record and its official references. NVD states the vulnerability is in the web application's failure to sanitize user input, enabling script injection or arbitrary code execution, and assigns CWE-79. The supplied CVSS vector is AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The affected firmware ranges and models are taken from the CVE description and the NVD CPE criteria. References in the record include the official CVE entry, NVD detail page, a US-CERT/ICS-CERT advisory, and a SecurityFocus BID entry.
Official resources
-
CVE-2016-8359 CVE record
CVE.org
-
CVE-2016-8359 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry
-
Mitigation or vendor reference
[email protected] - Third Party Advisory, US Government Resource
Publicly disclosed in the CVE record on 2017-02-13, with advisory references in the supplied record pointing to ICS-CERT and SecurityFocus resources.