ID

VAR-201302-0026


CVE

CVE-2012-4694


TITLE

Moxa EDR-G903 series router device impersonation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2012-005933

DESCRIPTION

Moxa EDR-G903 series routers with firmware before 2.11 do not use a sufficient source of entropy for (1) SSH and (2) SSL keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere. The MOXA EDR-G903 is a series of all-in-one firewall/VPN secure router devices with Gigabit performance. MOXA EDR-G903 is prone to an unauthorized access vulnerability and a weakness in the entropy of the generated key. Successful exploits will allow attackers to gain access to the device and sensitive information. Successful exploits may result in the attacker executing arbitrary commands or gaining unauthorized access on the affected system. Moxa EDR-G903 is a security router product from Moxa that integrates firewall/VPN. The vulnerability is caused by the program not using a sufficient source of entropy for (1) SSH and (2) SSL keys. A man-in-the-middle attacker could exploit this vulnerability to counterfeit a device or modify client-server traffic by using a key known from another installation of the product.

Secunia advisory:

TITLE: Moxa EDR-G903 Series Weak Entropy Key Generation Weakness
SECUNIA ADVISORY ID: SA52141
VERIFY ADVISORY: http://secunia.com/advisories/52141/
RELEASE DATE: 2013-02-12
DESCRIPTION: A weakness has been reported in Moxa EDR-G903 Series, which can be exploited by malicious people to conduct brute force attacks. The weakness is reported in firmware versions prior to 2.11.
SOLUTION: Update to version 2.11.
PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Neil Smith
ORIGINAL ADVISORY:
MOXA: http://www.moxa.com/support/download.aspx?type=support&id=492
ICS-CERT: http://ics-cert.us-cert.gov/pdf/ICSA-13-042-01.pdf

Trust: 2.61

sources: NVD: CVE-2012-4694 // JVNDB: JVNDB-2012-005933 // CNVD: CNVD-2013-01087 // BID: 57897 // VULHUB: VHN-57975 // PACKETSTORM: 120261

IOT TAXONOMY

category: ['ICS', 'Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-01087

AFFECTED PRODUCTS

vendor: moxa, model: edr g903, scope: eq, version: 2.0

Trust: 1.6

vendor: moxa, model: edr g903, scope: eq, version: 2.1

Trust: 1.6

vendor: moxa, model: edr g903, scope: eq, version: 1.0

Trust: 1.6

vendor: moxa, model: edr g903, scope: lte, version: 2.2

Trust: 1.0

vendor: moxa, model: edr-g903, scope: eq, version: -

Trust: 1.0

vendor: moxa, model: edr-g903 series, scope: lt, version: 2.11

Trust: 0.8

vendor: moxa, model: edr-g903, scope: -, version: -

Trust: 0.6

vendor: moxa, model: edr g903, scope: eq, version: 2.2

Trust: 0.6

vendor: moxa, model: edr-g903, scope: eq, version: 2.1

Trust: 0.3

vendor: moxa, model: edr-g903, scope: ne, version: 2.11

Trust: 0.3

sources: CNVD: CNVD-2013-01087 // BID: 57897 // JVNDB: JVNDB-2012-005933 // CNNVD: CNNVD-201302-263 // NVD: CVE-2012-4694

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-4694
value: HIGH

Trust: 1.0

NVD: CVE-2012-4694
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201302-263
value: HIGH

Trust: 0.6

VULHUB: VHN-57975
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2012-4694
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-57975
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-57975 // JVNDB: JVNDB-2012-005933 // CNNVD: CNNVD-201302-263 // NVD: CVE-2012-4694

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

sources: VULHUB: VHN-57975 // JVNDB: JVNDB-2012-005933 // NVD: CVE-2012-4694

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201302-263

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201302-263

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-005933

PATCH

title: Top Page, url: http://www.moxa.com/

Trust: 0.8

title: Top Page, url: http://japan.moxa.com/index.htm

Trust: 0.8

title: Distributor List, url: http://japan.moxa.com/buy/Default.htm#japan

Trust: 0.8

title: Firmware for MOXA EDR-G903 series, url: http://www.moxa.com/support/download.aspx?type=support&id=492

Trust: 0.8

title: Patch for MOXA EDR-G903 insufficient entropy vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/31932

Trust: 0.6

title: EDR_G903_V2.11, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45361

Trust: 0.6

sources: CNVD: CNVD-2013-01087 // JVNDB: JVNDB-2012-005933 // CNNVD: CNNVD-201302-263

EXTERNAL IDS

db: ICS CERT, id: ICSA-13-042-01

Trust: 3.5

db: NVD, id: CVE-2012-4694

Trust: 3.4

db: JVNDB, id: JVNDB-2012-005933

Trust: 0.8

db: SECUNIA, id: 52141

Trust: 0.8

db: CNNVD, id: CNNVD-201302-263

Trust: 0.7

db: CNVD, id: CNVD-2013-01087

Trust: 0.6

db: BID, id: 57897

Trust: 0.3

db: VULHUB, id: VHN-57975

Trust: 0.1

db: PACKETSTORM, id: 120261

Trust: 0.1

sources: CNVD: CNVD-2013-01087 // VULHUB: VHN-57975 // BID: 57897 // JVNDB: JVNDB-2012-005933 // PACKETSTORM: 120261 // CNNVD: CNNVD-201302-263 // NVD: CVE-2012-4694

REFERENCES

url:http://ics-cert.us-cert.gov/pdf/icsa-13-042-01.pdf

Trust: 3.5

url:http://www.moxa.com/support/download.aspx?type=support&id=492

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4694

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4694

Trust: 0.8

url:http://secunia.com/advisories/52141

Trust: 0.6

url:http://www.moxa.com/product/edr-g903.htm

Trust: 0.3

url:http://www.moxa.com/support/download.aspx?type=support&id=492

Trust: 0.1

url:http://secunia.com/advisories/52141/

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=52141

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/advisories/52141/#comments

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/blog/325/

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2013-01087 // VULHUB: VHN-57975 // BID: 57897 // JVNDB: JVNDB-2012-005933 // PACKETSTORM: 120261 // CNNVD: CNNVD-201302-263 // NVD: CVE-2012-4694

CREDITS

Neil Smith

Trust: 0.3

sources: BID: 57897

SOURCES

db: CNVD, id: CNVD-2013-01087
db: VULHUB, id: VHN-57975
db: BID, id: 57897
db: JVNDB, id: JVNDB-2012-005933
db: PACKETSTORM, id: 120261
db: CNNVD, id: CNNVD-201302-263
db: NVD, id: CVE-2012-4694

LAST UPDATE DATE

2024-08-14T15:03:42.615000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-01087, date: 2013-02-20T00:00:00
db: VULHUB, id: VHN-57975, date: 2013-02-15T00:00:00
db: BID, id: 57897, date: 2013-02-11T00:00:00
db: JVNDB, id: JVNDB-2012-005933, date: 2013-02-18T00:00:00
db: CNNVD, id: CNNVD-201302-263, date: 2013-03-11T00:00:00
db: NVD, id: CVE-2012-4694, date: 2013-02-15T12:09:27.633

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2013-01087, date: 2013-02-20T00:00:00
db: VULHUB, id: VHN-57975, date: 2013-02-15T00:00:00
db: BID, id: 57897, date: 2013-02-11T00:00:00
db: JVNDB, id: JVNDB-2012-005933, date: 2013-02-18T00:00:00
db: PACKETSTORM, id: 120261, date: 2013-02-13T11:12:30
db: CNNVD, id: CNNVD-201302-263, date: 2013-02-20T00:00:00
db: NVD, id: CVE-2012-4694, date: 2013-02-15T12:09:27.633