CVE-2023-5035

LOW

Moxa Eds-g503 Firmware < 5.2 - Cleartext Transmission

Title source: rule

Description

A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.

References (1)

[Vendor Advisory] https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230203-pt-g503-series-multiple-vulnerabilities

Scores

CVSS v3 3.1

EPSS 0.0013

EPSS Percentile 33.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Classification

CWE

CWE-319 CWE-614

Status published

Affected Products (1)

moxa/eds-g503_firmware < 5.2

Timeline

Published Nov 02, 2023

Tracked Since Feb 18, 2026