ID

VAR-201702-0597


CVE

CVE-2016-9371


TITLE

plural Moxa NPort Product cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-007645

DESCRIPTION

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. User-controlled input is not neutralized before being output to web page (CROSS-SITE SCRIPTING). plural Moxa NPort The product contains a cross-site scripting vulnerability.A cross-site scripting attack may be performed. MOXANport is a serial communication server. An attacker exploits a vulnerability to initiate a cross-site attack. Multiple Moxa NPort products are prone to multiple unspecified security vulnerabilities. An attacker can exploit these issues to bypass security restrictions, perform unauthorized actions, gain escalated privileges and execute arbitrary code in the context of the affected application and cause a denial-of-service condition. Successful exploitation will allow an attacker to take control of the affected system. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML

Trust: 2.52

sources: NVD: CVE-2016-9371 // JVNDB: JVNDB-2016-007645 // CNVD: CNVD-2016-11882 // BID: 85965 // VULHUB: VHN-98191

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-11882

AFFECTED PRODUCTS

vendor:moxamodel:nport 5200 seriesscope:lteversion:2.7

Trust: 1.0

vendor:moxamodel:nport 5600 seriesscope:lteversion:3.6

Trust: 1.0

vendor:moxamodel:nport 5400 seriesscope:lteversion:3.10

Trust: 1.0

vendor:moxamodel:nport p5150a seriesscope:lteversion:1.2

Trust: 1.0

vendor:moxamodel:nport 5100 seriesscope:lteversion:3.5

Trust: 1.0

vendor:moxamodel:nport 5600-8-dtl seriesscope:lteversion:2.3

Trust: 1.0

vendor:moxamodel:nport 5100a seriesscope:lteversion:1.2

Trust: 1.0

vendor:moxamodel:nport 5100 seriesscope:lteversion:2.5

Trust: 1.0

vendor:moxamodel:nport 5x50a1-m12 seriesscope:lteversion:1.1

Trust: 1.0

vendor:moxamodel:nport 6100 seriesscope:lteversion:1.13

Trust: 1.0

vendor:moxamodel:nport 5200a seriesscope:lteversion:1.2

Trust: 1.0

vendor:moxamodel:nport 5100 seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5100a seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5110scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5110ascope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5130scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5130ascope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5150scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5150ascope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5150a1-m12scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5150a1-m12-ctscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5150a1-m12-ct-tscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5150a1-m12-tscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5200 seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5200a seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5210scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5210ascope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5230scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5230ascope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5232scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5232iscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5250ascope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5250a1-m12scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5250a1-m12-ctscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5250a1-m12-ct-tscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5250a1-m12-tscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5400 seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5410scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5430scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5430iscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5450scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5450-tscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5450a1-m12scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5450a1-m12-ctscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5450a1-m12-ct-tscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5450a1-m12-tscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5450iscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5450i-tscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5600 seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5600-8-dtl seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5610scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5610-8-dtlscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5630scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5650scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5650-8-dtlscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5650i-8-dtlscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5x50a1-m12 seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 6100 seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 6150scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 6150-tscope: - version: -

Trust: 0.8

vendor:moxamodel:nport p5110ascope: - version: -

Trust: 0.8

vendor:moxamodel:nport p5150a seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:nportscope:eqversion:5110<2.6

Trust: 0.6

vendor:moxamodel:nportscope:eqversion:5130/5150<3.6

Trust: 0.6

vendor:moxamodel:nportscope:eqversion:5200<2.8

Trust: 0.6

vendor:moxamodel:nportscope:eqversion:5400<3.11

Trust: 0.6

vendor:moxamodel:nportscope:eqversion:5600<3.7

Trust: 0.6

vendor:moxamodel:nport p5150ascope:ltversion:1.3

Trust: 0.6

vendor:moxamodel:nport 5100ascope:ltversion:1.3

Trust: 0.6

vendor:moxamodel:nport 5200ascope:ltversion:1.3

Trust: 0.6

vendor:moxamodel:nport 5150ai-m12scope:ltversion:1.2

Trust: 0.6

vendor:moxamodel:nport 5250ai-m12scope:ltversion:1.2

Trust: 0.6

vendor:moxamodel:nport 5450ai-m12scope:ltversion:1.2

Trust: 0.6

vendor:moxamodel:nport 5600-8-dtscope:ltversion:2.4

Trust: 0.6

vendor:moxamodel:nport 5600-8-dtlscope:ltversion:2.4

Trust: 0.6

vendor:moxamodel:nportscope:eqversion:6x50<1.13.11

Trust: 0.6

vendor:moxamodel:nport ia5450ascope:ltversion:1.4

Trust: 0.6

vendor:moxamodel:nport 5100 seriesscope:eqversion:3.5

Trust: 0.6

vendor:moxamodel:nport 6100 seriesscope:eqversion:1.13

Trust: 0.6

vendor:moxamodel:nport 5600-8-dtl seriesscope:eqversion:2.3

Trust: 0.6

vendor:moxamodel:nport 5100 seriesscope:eqversion:2.5

Trust: 0.6

vendor:moxamodel:nport 5400 seriesscope:eqversion:3.10

Trust: 0.6

vendor:moxamodel:nport p5150a seriesscope:eqversion:1.2

Trust: 0.6

vendor:moxamodel:nport 5100a seriesscope:eqversion:1.2

Trust: 0.6

vendor:moxamodel:nport 5200a seriesscope:eqversion:1.2

Trust: 0.6

vendor:moxamodel:nport 5600 seriesscope:eqversion:3.6

Trust: 0.6

vendor:moxamodel:nport 5x50a1-m12 seriesscope:eqversion:1.1

Trust: 0.6

vendor:moxamodel:nport p5150ascope:eqversion:0

Trust: 0.3

vendor:moxamodel:nport ia5450ascope:eqversion:0

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:6x500

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:66501.13

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:66101.13

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:64501.13

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:62501.13

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:61501.13

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:61101.13

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:61100

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:60000

Trust: 0.3

vendor:moxamodel:nport 5x50ai-m12scope:eqversion:0

Trust: 0.3

vendor:moxamodel:nport 5600-dt/dtlscope:eqversion:0

Trust: 0.3

vendor:moxamodel:nport 5600-8-dtlscope:eqversion:0

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:56000

Trust: 0.3

vendor:moxamodel:nport 5450ai-m12scope:eqversion:0

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:54000

Trust: 0.3

vendor:moxamodel:nport 5250ai-m12scope:eqversion:0

Trust: 0.3

vendor:moxamodel:nport 5200ascope:eqversion:0

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:52000

Trust: 0.3

vendor:moxamodel:nport 5150ai-m12scope:eqversion:0

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:51503.5

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:51303.5

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:51102.5

Trust: 0.3

vendor:moxamodel:nport 5100ascope:eqversion:0

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:51000

Trust: 0.3

vendor:moxamodel:nport ia5450ascope:neversion:1.4

Trust: 0.3

vendor:moxamodel:nportscope:neversion:6x501.14

Trust: 0.3

vendor:moxamodel:nport 5600-8-dtlscope:neversion:1.3

Trust: 0.3

vendor:moxamodel:nport 5600-8-dtscope:neversion:2.4

Trust: 0.3

vendor:moxamodel:nportscope:neversion:56003.7

Trust: 0.3

vendor:moxamodel:nport 5450ai-m12scope:neversion:1.2

Trust: 0.3

vendor:moxamodel:nportscope:neversion:54003.11

Trust: 0.3

vendor:moxamodel:nport 5250ai-m12scope:neversion:1.2

Trust: 0.3

vendor:moxamodel:nport 5200ascope:neversion:1.3

Trust: 0.3

vendor:moxamodel:nportscope:neversion:52002.8

Trust: 0.3

vendor:moxamodel:nport 5150ai-m12scope:neversion:1.2

Trust: 0.3

vendor:moxamodel:nportscope:neversion:51503.6

Trust: 0.3

vendor:moxamodel:nportscope:neversion:51303.6

Trust: 0.3

vendor:moxamodel:nportscope:neversion:51102.6

Trust: 0.3

vendor:moxamodel:nport 5100ascope:neversion:1.3

Trust: 0.3

sources: CNVD: CNVD-2016-11882 // BID: 85965 // JVNDB: JVNDB-2016-007645 // CNNVD: CNNVD-201612-033 // NVD: CVE-2016-9371

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-9371
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-9371
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-11882
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201612-033
value: MEDIUM

Trust: 0.6

VULHUB: VHN-98191
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-9371
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-11882
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-98191
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-9371
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-11882 // VULHUB: VHN-98191 // JVNDB: JVNDB-2016-007645 // CNNVD: CNNVD-201612-033 // NVD: CVE-2016-9371

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-98191 // JVNDB: JVNDB-2016-007645 // NVD: CVE-2016-9371

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201612-033

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201612-033

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007645

PATCH

title:トップページurl:http://japan.moxa.com/index.htm

Trust: 0.8

title:MoxaNPort Cross-Site Scripting Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/84970

Trust: 0.6

title:Multiple Moxa Nport Fixes for product cross-site scripting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66086

Trust: 0.6

sources: CNVD: CNVD-2016-11882 // JVNDB: JVNDB-2016-007645 // CNNVD: CNNVD-201612-033

EXTERNAL IDS

db:NVDid:CVE-2016-9371

Trust: 3.4

db:ICS CERTid:ICSA-16-336-02

Trust: 3.4

db:BIDid:85965

Trust: 2.0

db:JVNDBid:JVNDB-2016-007645

Trust: 0.8

db:CNNVDid:CNNVD-201612-033

Trust: 0.7

db:CNVDid:CNVD-2016-11882

Trust: 0.6

db:ICS CERT ALERTid:ICS-ALERT-16-099-01

Trust: 0.3

db:VULHUBid:VHN-98191

Trust: 0.1

sources: CNVD: CNVD-2016-11882 // VULHUB: VHN-98191 // BID: 85965 // JVNDB: JVNDB-2016-007645 // CNNVD: CNNVD-201612-033 // NVD: CVE-2016-9371

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-16-336-02

Trust: 3.4

url:http://www.securityfocus.com/bid/85965

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9371

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9371

Trust: 0.8

url:http://www.moxa.com/product/vport_sdk.htm

Trust: 0.3

url:https://ics-cert.us-cert.gov/alerts/ics-alert-16-099-01

Trust: 0.3

sources: CNVD: CNVD-2016-11882 // VULHUB: VHN-98191 // BID: 85965 // JVNDB: JVNDB-2016-007645 // CNNVD: CNNVD-201612-033 // NVD: CVE-2016-9371

CREDITS

Reid Wightman of Digital Bonds Labs

Trust: 0.9

sources: BID: 85965 // CNNVD: CNNVD-201612-033

SOURCES

db:CNVDid:CNVD-2016-11882
db:VULHUBid:VHN-98191
db:BIDid:85965
db:JVNDBid:JVNDB-2016-007645
db:CNNVDid:CNNVD-201612-033
db:NVDid:CVE-2016-9371

LAST UPDATE DATE

2024-11-23T21:54:16.937000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2016-11882date:2016-12-06T00:00:00
db:VULHUBid:VHN-98191date:2017-02-17T00:00:00
db:BIDid:85965date:2016-12-20T02:04:00
db:JVNDBid:JVNDB-2016-007645date:2017-03-08T00:00:00
db:CNNVDid:CNNVD-201612-033date:2016-12-06T00:00:00
db:NVDid:CVE-2016-9371date:2024-11-21T03:01:02.400

SOURCES RELEASE DATE

db:CNVDid:CNVD-2016-11882date:2016-12-05T00:00:00
db:VULHUBid:VHN-98191date:2017-02-13T00:00:00
db:BIDid:85965date:2016-04-08T00:00:00
db:JVNDBid:JVNDB-2016-007645date:2017-03-08T00:00:00
db:CNNVDid:CNNVD-201612-033date:2016-04-08T00:00:00
db:NVDid:CVE-2016-9371date:2017-02-13T21:59:02.347