| CVE編號 | CVE-2016-8359、CVE-2016-8372 |
|---|---|
| 影響產品 | ‧ioLogik E1210, firmware Version V2.4 and prior, ‧ioLogik E1211, firmware Version V2.3 and prior, ‧ioLogik E1212, firmware Version V2.4 and prior, ‧ioLogik E1213, firmware Version V2.5 and prior, ‧ioLogik E1214, firmware Version V2.4 and prior, ‧ioLogik E1240, firmware Version V2.3 and prior, ‧ioLogik E1241, firmware Version V2.4 and prior, ‧ioLogik E1242, firmware Version V2.4 and prior, ‧ioLogik E1260, firmware Version V2.4 and prior, and ‧ioLogik E1262, firmware Version V2.4 and prior. |
| 解決辦法 | ‧原廠發佈安全更新連結,請參考使用版本進行更新 ioLogik E1210 V2.5: http://www.moxa.com/support/DownloadFile.aspx?type=support&id=12462 ioLogik E1211 V2.4: http://www.moxa.com/support/DownloadFile.aspx?type=support&id=12469 ioLogik E1212 V2.5: http://www.moxa.com/support/DownloadFile.aspx?type=support&id=12467 ioLogik E1213 V2.6: http://www.moxa.com/support/DownloadFile.aspx?type=support&id=12466 ioLogik E1214 V2.5: http://www.moxa.com/support/DownloadFile.aspx?type=support&id=12464 ioLogik E1240 V2.4: http://www.moxa.com/support/DownloadFile.aspx?type=support&id=12460 ioLogik E1241 V2.5: http://www.moxa.com/support/DownloadFile.aspx?type=support&id=12461 ioLogik E1242 V2.5: http://www.moxa.com/support/DownloadFile.aspx?type=support&id=12458 ioLogik E1260 V2.5: http://www.moxa.com/support/DownloadFile.aspx?type=support&id=12463 ioLogik E1262 V2.5: http://www.moxa.com/support/DownloadFile.aspx?type=support&id=12465 |
| 張貼日 | 2016-10-17 |
| 上稿單位 | TWCERT/CC |
‧本次安全更新修補了ioLogik E1200系列之安全漏洞,該漏洞是由於web應用程式未過濾用戶之輸入,導致駭客可以注入指令碼。
‧編註:駭客可能利用這種漏洞攻擊方式,在web應用程式中注入惡意指令碼,並誘使用戶點選觸發該漏洞,進而達到特殊目的。