Details of VAR-201702-0597

ID

VAR-201702-0597

CVE

CVE-2016-9371

TITLE

plural Moxa NPort Product cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-007645

DESCRIPTION

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. User-controlled input is not neutralized before being output to web page (CROSS-SITE SCRIPTING). plural Moxa NPort The product contains a cross-site scripting vulnerability.A cross-site scripting attack may be performed. MOXANport is a serial communication server. An attacker exploits a vulnerability to initiate a cross-site attack. Multiple Moxa NPort products are prone to multiple unspecified security vulnerabilities. An attacker can exploit these issues to bypass security restrictions, perform unauthorized actions, gain escalated privileges and execute arbitrary code in the context of the affected application and cause a denial-of-service condition. Successful exploitation will allow an attacker to take control of the affected system. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML

Trust: 2.52

sources: NVD: CVE-2016-9371 // JVNDB: JVNDB-2016-007645 // CNVD: CNVD-2016-11882 // BID: 85965 // VULHUB: VHN-98191

IOT TAXONOMY

category:

['ICS', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-11882

AFFECTED PRODUCTS

vendor:	moxa	model:	nport 6100 series	scope:	lte	version:	1.13	Trust: 1.0
vendor:	moxa	model:	nport 5200 series	scope:	lte	version:	2.7	Trust: 1.0
vendor:	moxa	model:	nport 5400 series	scope:	lte	version:	3.10	Trust: 1.0
vendor:	moxa	model:	nport 5100 series	scope:	lte	version:	3.5	Trust: 1.0
vendor:	moxa	model:	nport 5100 series	scope:	lte	version:	2.5	Trust: 1.0
vendor:	moxa	model:	nport 5600-8-dtl series	scope:	lte	version:	2.3	Trust: 1.0
vendor:	moxa	model:	nport 5x50a1-m12 series	scope:	lte	version:	1.1	Trust: 1.0
vendor:	moxa	model:	nport 5600 series	scope:	lte	version:	3.6	Trust: 1.0
vendor:	moxa	model:	nport 5100a series	scope:	lte	version:	1.2	Trust: 1.0
vendor:	moxa	model:	nport p5150a series	scope:	lte	version:	1.2	Trust: 1.0
vendor:	moxa	model:	nport 5200a series	scope:	lte	version:	1.2	Trust: 1.0
vendor:	moxa	model:	nport 5100 series	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5100a series	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5110	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5110a	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5130	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5130a	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5150	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5150a	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5150a1-m12	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5150a1-m12-ct	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5150a1-m12-ct-t	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5150a1-m12-t	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5200 series	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5200a series	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5210	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5210a	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5230	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5230a	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5232	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5232i	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5250a	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5250a1-m12	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5250a1-m12-ct	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5250a1-m12-ct-t	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5250a1-m12-t	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5400 series	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5410	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5430	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5430i	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5450	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5450-t	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5450a1-m12	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5450a1-m12-ct	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5450a1-m12-ct-t	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5450a1-m12-t	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5450i	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5450i-t	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5600 series	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5600-8-dtl series	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5610	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5610-8-dtl	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5630	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5650	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5650-8-dtl	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5650i-8-dtl	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5x50a1-m12 series	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 6100 series	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 6150	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 6150-t	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport p5110a	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport p5150a series	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport	scope:	eq	version:	5110<2.6	Trust: 0.6
vendor:	moxa	model:	nport	scope:	eq	version:	5130/5150<3.6	Trust: 0.6
vendor:	moxa	model:	nport	scope:	eq	version:	5200<2.8	Trust: 0.6
vendor:	moxa	model:	nport	scope:	eq	version:	5400<3.11	Trust: 0.6
vendor:	moxa	model:	nport	scope:	eq	version:	5600<3.7	Trust: 0.6
vendor:	moxa	model:	nport p5150a	scope:	lt	version:	1.3	Trust: 0.6
vendor:	moxa	model:	nport 5100a	scope:	lt	version:	1.3	Trust: 0.6
vendor:	moxa	model:	nport 5200a	scope:	lt	version:	1.3	Trust: 0.6
vendor:	moxa	model:	nport 5150ai-m12	scope:	lt	version:	1.2	Trust: 0.6
vendor:	moxa	model:	nport 5250ai-m12	scope:	lt	version:	1.2	Trust: 0.6
vendor:	moxa	model:	nport 5450ai-m12	scope:	lt	version:	1.2	Trust: 0.6
vendor:	moxa	model:	nport 5600-8-dt	scope:	lt	version:	2.4	Trust: 0.6
vendor:	moxa	model:	nport 5600-8-dtl	scope:	lt	version:	2.4	Trust: 0.6
vendor:	moxa	model:	nport	scope:	eq	version:	6x50<1.13.11	Trust: 0.6
vendor:	moxa	model:	nport ia5450a	scope:	lt	version:	1.4	Trust: 0.6
vendor:	moxa	model:	nport 5100 series	scope:	eq	version:	3.5	Trust: 0.6
vendor:	moxa	model:	nport 6100 series	scope:	eq	version:	1.13	Trust: 0.6
vendor:	moxa	model:	nport 5600-8-dtl series	scope:	eq	version:	2.3	Trust: 0.6
vendor:	moxa	model:	nport 5100 series	scope:	eq	version:	2.5	Trust: 0.6
vendor:	moxa	model:	nport 5400 series	scope:	eq	version:	3.10	Trust: 0.6
vendor:	moxa	model:	nport p5150a series	scope:	eq	version:	1.2	Trust: 0.6
vendor:	moxa	model:	nport 5100a series	scope:	eq	version:	1.2	Trust: 0.6
vendor:	moxa	model:	nport 5200a series	scope:	eq	version:	1.2	Trust: 0.6
vendor:	moxa	model:	nport 5600 series	scope:	eq	version:	3.6	Trust: 0.6
vendor:	moxa	model:	nport 5x50a1-m12 series	scope:	eq	version:	1.1	Trust: 0.6
vendor:	moxa	model:	nport p5150a	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	nport ia5450a	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	nport	scope:	eq	version:	6x500	Trust: 0.3
vendor:	moxa	model:	nport	scope:	eq	version:	66501.13	Trust: 0.3
vendor:	moxa	model:	nport	scope:	eq	version:	66101.13	Trust: 0.3
vendor:	moxa	model:	nport	scope:	eq	version:	64501.13	Trust: 0.3
vendor:	moxa	model:	nport	scope:	eq	version:	62501.13	Trust: 0.3
vendor:	moxa	model:	nport	scope:	eq	version:	61501.13	Trust: 0.3
vendor:	moxa	model:	nport	scope:	eq	version:	61101.13	Trust: 0.3
vendor:	moxa	model:	nport	scope:	eq	version:	61100	Trust: 0.3
vendor:	moxa	model:	nport	scope:	eq	version:	60000	Trust: 0.3
vendor:	moxa	model:	nport 5x50ai-m12	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	nport 5600-dt/dtl	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	nport 5600-8-dtl	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	nport	scope:	eq	version:	56000	Trust: 0.3
vendor:	moxa	model:	nport 5450ai-m12	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	nport	scope:	eq	version:	54000	Trust: 0.3
vendor:	moxa	model:	nport 5250ai-m12	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	nport 5200a	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	nport	scope:	eq	version:	52000	Trust: 0.3
vendor:	moxa	model:	nport 5150ai-m12	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	nport	scope:	eq	version:	51503.5	Trust: 0.3
vendor:	moxa	model:	nport	scope:	eq	version:	51303.5	Trust: 0.3
vendor:	moxa	model:	nport	scope:	eq	version:	51102.5	Trust: 0.3
vendor:	moxa	model:	nport 5100a	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	nport	scope:	eq	version:	51000	Trust: 0.3
vendor:	moxa	model:	nport ia5450a	scope:	ne	version:	1.4	Trust: 0.3
vendor:	moxa	model:	nport	scope:	ne	version:	6x501.14	Trust: 0.3
vendor:	moxa	model:	nport 5600-8-dtl	scope:	ne	version:	1.3	Trust: 0.3
vendor:	moxa	model:	nport 5600-8-dt	scope:	ne	version:	2.4	Trust: 0.3
vendor:	moxa	model:	nport	scope:	ne	version:	56003.7	Trust: 0.3
vendor:	moxa	model:	nport 5450ai-m12	scope:	ne	version:	1.2	Trust: 0.3
vendor:	moxa	model:	nport	scope:	ne	version:	54003.11	Trust: 0.3
vendor:	moxa	model:	nport 5250ai-m12	scope:	ne	version:	1.2	Trust: 0.3
vendor:	moxa	model:	nport 5200a	scope:	ne	version:	1.3	Trust: 0.3
vendor:	moxa	model:	nport	scope:	ne	version:	52002.8	Trust: 0.3
vendor:	moxa	model:	nport 5150ai-m12	scope:	ne	version:	1.2	Trust: 0.3
vendor:	moxa	model:	nport	scope:	ne	version:	51503.6	Trust: 0.3
vendor:	moxa	model:	nport	scope:	ne	version:	51303.6	Trust: 0.3
vendor:	moxa	model:	nport	scope:	ne	version:	51102.6	Trust: 0.3
vendor:	moxa	model:	nport 5100a	scope:	ne	version:	1.3	Trust: 0.3

sources: CNVD: CNVD-2016-11882 // BID: 85965 // JVNDB: JVNDB-2016-007645 // CNNVD: CNNVD-201612-033 // NVD: CVE-2016-9371

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-9371
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-9371
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2016-11882
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201612-033
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-98191
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-9371
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-11882
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-98191
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-9371
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2016-11882 // VULHUB: VHN-98191 // JVNDB: JVNDB-2016-007645 // CNNVD: CNNVD-201612-033 // NVD: CVE-2016-9371

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-98191 // JVNDB: JVNDB-2016-007645 // NVD: CVE-2016-9371

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201612-033

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201612-033

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007645

PATCH

title:	トップページ	url:	http://japan.moxa.com/index.htm	Trust: 0.8
title:	MoxaNPort Cross-Site Scripting Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/84970	Trust: 0.6
title:	Multiple Moxa Nport Fixes for product cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66086	Trust: 0.6

sources: CNVD: CNVD-2016-11882 // JVNDB: JVNDB-2016-007645 // CNNVD: CNNVD-201612-033

EXTERNAL IDS

db:	NVD	id:	CVE-2016-9371	Trust: 3.4
db:	ICS CERT	id:	ICSA-16-336-02	Trust: 3.4
db:	BID	id:	85965	Trust: 2.0
db:	JVNDB	id:	JVNDB-2016-007645	Trust: 0.8
db:	CNNVD	id:	CNNVD-201612-033	Trust: 0.7
db:	CNVD	id:	CNVD-2016-11882	Trust: 0.6
db:	ICS CERT ALERT	id:	ICS-ALERT-16-099-01	Trust: 0.3
db:	VULHUB	id:	VHN-98191	Trust: 0.1

sources: CNVD: CNVD-2016-11882 // VULHUB: VHN-98191 // BID: 85965 // JVNDB: JVNDB-2016-007645 // CNNVD: CNNVD-201612-033 // NVD: CVE-2016-9371

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-16-336-02	Trust: 3.4
url:	http://www.securityfocus.com/bid/85965	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9371	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9371	Trust: 0.8
url:	http://www.moxa.com/product/vport_sdk.htm	Trust: 0.3
url:	https://ics-cert.us-cert.gov/alerts/ics-alert-16-099-01	Trust: 0.3

sources: CNVD: CNVD-2016-11882 // VULHUB: VHN-98191 // BID: 85965 // JVNDB: JVNDB-2016-007645 // CNNVD: CNNVD-201612-033 // NVD: CVE-2016-9371

CREDITS

Reid Wightman of Digital Bonds Labs

Trust: 0.9

sources: BID: 85965 // CNNVD: CNNVD-201612-033

SOURCES

db:	CNVD	id:	CNVD-2016-11882
db:	VULHUB	id:	VHN-98191
db:	BID	id:	85965
db:	JVNDB	id:	JVNDB-2016-007645
db:	CNNVD	id:	CNNVD-201612-033
db:	NVD	id:	CVE-2016-9371

LAST UPDATE DATE

2024-08-14T14:13:35.715000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-11882	date:	2016-12-06T00:00:00
db:	VULHUB	id:	VHN-98191	date:	2017-02-17T00:00:00
db:	BID	id:	85965	date:	2016-12-20T02:04:00
db:	JVNDB	id:	JVNDB-2016-007645	date:	2017-03-08T00:00:00
db:	CNNVD	id:	CNNVD-201612-033	date:	2016-12-06T00:00:00
db:	NVD	id:	CVE-2016-9371	date:	2017-02-17T18:08:41.883

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-11882	date:	2016-12-05T00:00:00
db:	VULHUB	id:	VHN-98191	date:	2017-02-13T00:00:00
db:	BID	id:	85965	date:	2016-04-08T00:00:00
db:	JVNDB	id:	JVNDB-2016-007645	date:	2017-03-08T00:00:00
db:	CNNVD	id:	CNNVD-201612-033	date:	2016-04-08T00:00:00
db:	NVD	id:	CVE-2016-9371	date:	2017-02-13T21:59:02.347