ID

VAR-201702-0594


CVE

CVE-2016-9366


TITLE

plural Moxa NPort Vulnerabilities that can bypass product authentication

Trust: 0.8

sources: JVNDB: JVNDB-2016-007642

DESCRIPTION

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. An attacker can freely use brute force to determine parameters needed to bypass authentication. MOXANport is a serial communication server. MoxaNPort has an authentication vulnerability. Multiple Moxa NPort products are prone to multiple unspecified security vulnerabilities. An attacker can exploit these issues to bypass security restrictions, perform unauthorized actions, gain escalated privileges and execute arbitrary code in the context of the affected application and cause a denial-of-service condition. Successful exploitation will allow an attacker to take control of the affected system

Trust: 2.52

sources: NVD: CVE-2016-9366 // JVNDB: JVNDB-2016-007642 // CNVD: CNVD-2016-11880 // BID: 85965 // VULHUB: VHN-98186

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-11880

AFFECTED PRODUCTS

vendor:moxamodel:nport 5200 seriesscope:lteversion:2.7

Trust: 1.0

vendor:moxamodel:nport 5600 seriesscope:lteversion:3.6

Trust: 1.0

vendor:moxamodel:nport 5400 seriesscope:lteversion:3.10

Trust: 1.0

vendor:moxamodel:nport p5150a seriesscope:lteversion:1.2

Trust: 1.0

vendor:moxamodel:nport 5100 seriesscope:lteversion:3.5

Trust: 1.0

vendor:moxamodel:nport 5600-8-dtl seriesscope:lteversion:2.3

Trust: 1.0

vendor:moxamodel:nport 5100a seriesscope:lteversion:1.2

Trust: 1.0

vendor:moxamodel:nport 5100 seriesscope:lteversion:2.5

Trust: 1.0

vendor:moxamodel:nport 5x50a1-m12 seriesscope:lteversion:1.1

Trust: 1.0

vendor:moxamodel:nport 6100 seriesscope:lteversion:1.13

Trust: 1.0

vendor:moxamodel:nport 5200a seriesscope:lteversion:1.2

Trust: 1.0

vendor:moxamodel:nport 5100 seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5100a seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5110scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5110ascope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5130scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5130ascope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5150scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5150ascope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5150a1-m12scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5150a1-m12-ctscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5150a1-m12-ct-tscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5150a1-m12-tscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5200 seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5200a seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5210scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5210ascope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5230scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5230ascope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5232scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5232iscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5250ascope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5250a1-m12scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5250a1-m12-ctscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5250a1-m12-ct-tscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5250a1-m12-tscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5400 seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5410scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5430scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5430iscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5450scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5450-tscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5450a1-m12scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5450a1-m12-ctscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5450a1-m12-ct-tscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5450a1-m12-tscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5450iscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5450i-tscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5600 seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5600-8-dtl seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5610scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5610-8-dtlscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5630scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5650scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5650-8-dtlscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5650i-8-dtlscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5x50a1-m12 seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 6100 seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 6150scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 6150-tscope: - version: -

Trust: 0.8

vendor:moxamodel:nport p5110ascope: - version: -

Trust: 0.8

vendor:moxamodel:nport p5150a seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:nportscope:eqversion:5110<2.6

Trust: 0.6

vendor:moxamodel:nportscope:eqversion:5130/5150<3.6

Trust: 0.6

vendor:moxamodel:nportscope:eqversion:5200<2.8

Trust: 0.6

vendor:moxamodel:nportscope:eqversion:5400<3.11

Trust: 0.6

vendor:moxamodel:nportscope:eqversion:5600<3.7

Trust: 0.6

vendor:moxamodel:nport p5150ascope:ltversion:1.3

Trust: 0.6

vendor:moxamodel:nport 5100ascope:ltversion:1.3

Trust: 0.6

vendor:moxamodel:nport 5200ascope:ltversion:1.3

Trust: 0.6

vendor:moxamodel:nport 5150ai-m12scope:ltversion:1.2

Trust: 0.6

vendor:moxamodel:nport 5250ai-m12scope:ltversion:1.2

Trust: 0.6

vendor:moxamodel:nport 5450ai-m12scope:ltversion:1.2

Trust: 0.6

vendor:moxamodel:nport 5600-8-dtscope:ltversion:2.4

Trust: 0.6

vendor:moxamodel:nport 5600-8-dtlscope:ltversion:2.4

Trust: 0.6

vendor:moxamodel:nportscope:eqversion:6x50<1.13.11

Trust: 0.6

vendor:moxamodel:nport ia5450ascope:ltversion:1.4

Trust: 0.6

vendor:moxamodel:nport 6100 seriesscope:eqversion:1.13

Trust: 0.6

vendor:moxamodel:nport 5100 seriesscope:eqversion:3.5

Trust: 0.6

vendor:moxamodel:nport 5100 seriesscope:eqversion:2.5

Trust: 0.6

vendor:moxamodel:nport 5400 seriesscope:eqversion:3.10

Trust: 0.6

vendor:moxamodel:nport p5150a seriesscope:eqversion:1.2

Trust: 0.6

vendor:moxamodel:nport 5100a seriesscope:eqversion:1.2

Trust: 0.6

vendor:moxamodel:nport 5200a seriesscope:eqversion:1.2

Trust: 0.6

vendor:moxamodel:nport 5600 seriesscope:eqversion:3.6

Trust: 0.6

vendor:moxamodel:nport 5200 seriesscope:eqversion:2.7

Trust: 0.6

vendor:moxamodel:nport 5x50a1-m12 seriesscope:eqversion:1.1

Trust: 0.6

vendor:moxamodel:nport p5150ascope:eqversion:0

Trust: 0.3

vendor:moxamodel:nport ia5450ascope:eqversion:0

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:6x500

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:66501.13

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:66101.13

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:64501.13

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:62501.13

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:61501.13

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:61101.13

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:61100

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:60000

Trust: 0.3

vendor:moxamodel:nport 5x50ai-m12scope:eqversion:0

Trust: 0.3

vendor:moxamodel:nport 5600-dt/dtlscope:eqversion:0

Trust: 0.3

vendor:moxamodel:nport 5600-8-dtlscope:eqversion:0

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:56000

Trust: 0.3

vendor:moxamodel:nport 5450ai-m12scope:eqversion:0

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:54000

Trust: 0.3

vendor:moxamodel:nport 5250ai-m12scope:eqversion:0

Trust: 0.3

vendor:moxamodel:nport 5200ascope:eqversion:0

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:52000

Trust: 0.3

vendor:moxamodel:nport 5150ai-m12scope:eqversion:0

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:51503.5

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:51303.5

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:51102.5

Trust: 0.3

vendor:moxamodel:nport 5100ascope:eqversion:0

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:51000

Trust: 0.3

vendor:moxamodel:nport ia5450ascope:neversion:1.4

Trust: 0.3

vendor:moxamodel:nportscope:neversion:6x501.14

Trust: 0.3

vendor:moxamodel:nport 5600-8-dtlscope:neversion:1.3

Trust: 0.3

vendor:moxamodel:nport 5600-8-dtscope:neversion:2.4

Trust: 0.3

vendor:moxamodel:nportscope:neversion:56003.7

Trust: 0.3

vendor:moxamodel:nport 5450ai-m12scope:neversion:1.2

Trust: 0.3

vendor:moxamodel:nportscope:neversion:54003.11

Trust: 0.3

vendor:moxamodel:nport 5250ai-m12scope:neversion:1.2

Trust: 0.3

vendor:moxamodel:nport 5200ascope:neversion:1.3

Trust: 0.3

vendor:moxamodel:nportscope:neversion:52002.8

Trust: 0.3

vendor:moxamodel:nport 5150ai-m12scope:neversion:1.2

Trust: 0.3

vendor:moxamodel:nportscope:neversion:51503.6

Trust: 0.3

vendor:moxamodel:nportscope:neversion:51303.6

Trust: 0.3

vendor:moxamodel:nportscope:neversion:51102.6

Trust: 0.3

vendor:moxamodel:nport 5100ascope:neversion:1.3

Trust: 0.3

sources: CNVD: CNVD-2016-11880 // BID: 85965 // JVNDB: JVNDB-2016-007642 // CNNVD: CNNVD-201612-035 // NVD: CVE-2016-9366

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-9366
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-9366
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2016-11880
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201612-035
value: MEDIUM

Trust: 0.6

VULHUB: VHN-98186
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-9366
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-11880
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-98186
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-9366
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-11880 // VULHUB: VHN-98186 // JVNDB: JVNDB-2016-007642 // CNNVD: CNNVD-201612-035 // NVD: CVE-2016-9366

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-98186 // JVNDB: JVNDB-2016-007642 // NVD: CVE-2016-9366

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201612-035

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201612-035

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007642

PATCH

title:トップページurl:http://japan.moxa.com/index.htm

Trust: 0.8

title:MoxaNPort authentication vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/84968

Trust: 0.6

title:Multiple Moxa Nport Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66089

Trust: 0.6

sources: CNVD: CNVD-2016-11880 // JVNDB: JVNDB-2016-007642 // CNNVD: CNNVD-201612-035

EXTERNAL IDS

db:ICS CERTid:ICSA-16-336-02

Trust: 3.4

db:NVDid:CVE-2016-9366

Trust: 3.4

db:BIDid:85965

Trust: 2.0

db:JVNDBid:JVNDB-2016-007642

Trust: 0.8

db:CNNVDid:CNNVD-201612-035

Trust: 0.7

db:CNVDid:CNVD-2016-11880

Trust: 0.6

db:ICS CERT ALERTid:ICS-ALERT-16-099-01

Trust: 0.3

db:VULHUBid:VHN-98186

Trust: 0.1

sources: CNVD: CNVD-2016-11880 // VULHUB: VHN-98186 // BID: 85965 // JVNDB: JVNDB-2016-007642 // CNNVD: CNNVD-201612-035 // NVD: CVE-2016-9366

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-16-336-02

Trust: 3.4

url:http://www.securityfocus.com/bid/85965

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9366

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9366

Trust: 0.8

url:http://www.moxa.com/product/vport_sdk.htm

Trust: 0.3

url:https://ics-cert.us-cert.gov/alerts/ics-alert-16-099-01

Trust: 0.3

sources: CNVD: CNVD-2016-11880 // VULHUB: VHN-98186 // BID: 85965 // JVNDB: JVNDB-2016-007642 // CNNVD: CNNVD-201612-035 // NVD: CVE-2016-9366

CREDITS

Reid Wightman of Digital Bonds Labs

Trust: 0.9

sources: BID: 85965 // CNNVD: CNNVD-201612-035

SOURCES

db:CNVDid:CNVD-2016-11880
db:VULHUBid:VHN-98186
db:BIDid:85965
db:JVNDBid:JVNDB-2016-007642
db:CNNVDid:CNNVD-201612-035
db:NVDid:CVE-2016-9366

LAST UPDATE DATE

2024-11-23T21:54:16.783000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2016-11880date:2016-12-06T00:00:00
db:VULHUBid:VHN-98186date:2017-02-17T00:00:00
db:BIDid:85965date:2016-12-20T02:04:00
db:JVNDBid:JVNDB-2016-007642date:2017-03-08T00:00:00
db:CNNVDid:CNNVD-201612-035date:2016-12-06T00:00:00
db:NVDid:CVE-2016-9366date:2024-11-21T03:01:01.843

SOURCES RELEASE DATE

db:CNVDid:CNVD-2016-11880date:2016-12-05T00:00:00
db:VULHUBid:VHN-98186date:2017-02-13T00:00:00
db:BIDid:85965date:2016-04-08T00:00:00
db:JVNDBid:JVNDB-2016-007642date:2017-03-08T00:00:00
db:CNNVDid:CNNVD-201612-035date:2016-04-08T00:00:00
db:NVDid:CVE-2016-9366date:2017-02-13T21:59:02.253