ID

VAR-201702-0851


CVE

CVE-2016-9348


TITLE

plural Moxa NPort Vulnerability in product passwords displayed in clear text

Trust: 0.8

sources: JVNDB: JVNDB-2016-007638

DESCRIPTION

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. A configuration file contains parameters that represent passwords in plaintext. MOXANport is a serial communication server. MoxaNPort has a plaintext storage vulnerability. Multiple Moxa NPort products are prone to multiple unspecified security vulnerabilities. An attacker can exploit these issues to bypass security restrictions, perform unauthorized actions, gain escalated privileges and execute arbitrary code in the context of the affected application and cause a denial-of-service condition. Successful exploitation will allow an attacker to take control of the affected system. An attacker could exploit this vulnerability to obtain sensitive information

Trust: 2.52

sources: NVD: CVE-2016-9348 // JVNDB: JVNDB-2016-007638 // CNVD: CNVD-2016-11879 // BID: 85965 // VULHUB: VHN-98168

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-11879

AFFECTED PRODUCTS

vendor:moxamodel:nport 5200 seriesscope:lteversion:2.7

Trust: 1.0

vendor:moxamodel:nport 5600 seriesscope:lteversion:3.6

Trust: 1.0

vendor:moxamodel:nport 5400 seriesscope:lteversion:3.10

Trust: 1.0

vendor:moxamodel:nport p5150a seriesscope:lteversion:1.2

Trust: 1.0

vendor:moxamodel:nport 5100 seriesscope:lteversion:3.5

Trust: 1.0

vendor:moxamodel:nport 5600-8-dtl seriesscope:lteversion:2.3

Trust: 1.0

vendor:moxamodel:nport 5100a seriesscope:lteversion:1.2

Trust: 1.0

vendor:moxamodel:nport 5100 seriesscope:lteversion:2.5

Trust: 1.0

vendor:moxamodel:nport 5x50a1-m12 seriesscope:lteversion:1.1

Trust: 1.0

vendor:moxamodel:nport 6100 seriesscope:lteversion:1.13

Trust: 1.0

vendor:moxamodel:nport 5200a seriesscope:lteversion:1.2

Trust: 1.0

vendor:moxamodel:nport 5100 seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5100a seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5110scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5110ascope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5130scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5130ascope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5150scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5150ascope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5150a1-m12scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5150a1-m12-ctscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5150a1-m12-ct-tscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5150a1-m12-tscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5200 seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5200a seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5210scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5210ascope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5230scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5230ascope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5232scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5232iscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5250ascope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5250a1-m12scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5250a1-m12-ctscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5250a1-m12-ct-tscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5250a1-m12-tscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5400 seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5410scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5430scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5430iscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5450scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5450-tscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5450a1-m12scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5450a1-m12-ctscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5450a1-m12-ct-tscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5450a1-m12-tscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5450iscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5450i-tscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5600 seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5600-8-dtl seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5610scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5610-8-dtlscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5630scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5650scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5650-8-dtlscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5650i-8-dtlscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5x50a1-m12 seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 6100 seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 6150scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 6150-tscope: - version: -

Trust: 0.8

vendor:moxamodel:nport p5110ascope: - version: -

Trust: 0.8

vendor:moxamodel:nport p5150a seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:nportscope:eqversion:5110<2.6

Trust: 0.6

vendor:moxamodel:nportscope:eqversion:5130/5150<3.6

Trust: 0.6

vendor:moxamodel:nportscope:eqversion:5200<2.8

Trust: 0.6

vendor:moxamodel:nportscope:eqversion:5400<3.11

Trust: 0.6

vendor:moxamodel:nportscope:eqversion:5600<3.7

Trust: 0.6

vendor:moxamodel:nport p5150ascope:ltversion:1.3

Trust: 0.6

vendor:moxamodel:nport 5100ascope:ltversion:1.3

Trust: 0.6

vendor:moxamodel:nport 5200ascope:ltversion:1.3

Trust: 0.6

vendor:moxamodel:nport 5150ai-m12scope:ltversion:1.2

Trust: 0.6

vendor:moxamodel:nport 5250ai-m12scope:ltversion:1.2

Trust: 0.6

vendor:moxamodel:nport 5450ai-m12scope:ltversion:1.2

Trust: 0.6

vendor:moxamodel:nport 5600-8-dtscope:ltversion:2.4

Trust: 0.6

vendor:moxamodel:nport 5600-8-dtlscope:ltversion:2.4

Trust: 0.6

vendor:moxamodel:nportscope:eqversion:6x50<1.13.11

Trust: 0.6

vendor:moxamodel:nport ia5450ascope:ltversion:1.4

Trust: 0.6

vendor:moxamodel:nport 5100 seriesscope:eqversion:3.5

Trust: 0.6

vendor:moxamodel:nport 5600-8-dtl seriesscope:eqversion:2.3

Trust: 0.6

vendor:moxamodel:nport 5100 seriesscope:eqversion:2.5

Trust: 0.6

vendor:moxamodel:nport 5400 seriesscope:eqversion:3.10

Trust: 0.6

vendor:moxamodel:nport p5150a seriesscope:eqversion:1.2

Trust: 0.6

vendor:moxamodel:nport 5100a seriesscope:eqversion:1.2

Trust: 0.6

vendor:moxamodel:nport 5200a seriesscope:eqversion:1.2

Trust: 0.6

vendor:moxamodel:nport 5600 seriesscope:eqversion:3.6

Trust: 0.6

vendor:moxamodel:nport 5200 seriesscope:eqversion:2.7

Trust: 0.6

vendor:moxamodel:nport 5x50a1-m12 seriesscope:eqversion:1.1

Trust: 0.6

vendor:moxamodel:nport p5150ascope:eqversion:0

Trust: 0.3

vendor:moxamodel:nport ia5450ascope:eqversion:0

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:6x500

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:66501.13

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:66101.13

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:64501.13

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:62501.13

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:61501.13

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:61101.13

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:61100

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:60000

Trust: 0.3

vendor:moxamodel:nport 5x50ai-m12scope:eqversion:0

Trust: 0.3

vendor:moxamodel:nport 5600-dt/dtlscope:eqversion:0

Trust: 0.3

vendor:moxamodel:nport 5600-8-dtlscope:eqversion:0

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:56000

Trust: 0.3

vendor:moxamodel:nport 5450ai-m12scope:eqversion:0

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:54000

Trust: 0.3

vendor:moxamodel:nport 5250ai-m12scope:eqversion:0

Trust: 0.3

vendor:moxamodel:nport 5200ascope:eqversion:0

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:52000

Trust: 0.3

vendor:moxamodel:nport 5150ai-m12scope:eqversion:0

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:51503.5

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:51303.5

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:51102.5

Trust: 0.3

vendor:moxamodel:nport 5100ascope:eqversion:0

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:51000

Trust: 0.3

vendor:moxamodel:nport ia5450ascope:neversion:1.4

Trust: 0.3

vendor:moxamodel:nportscope:neversion:6x501.14

Trust: 0.3

vendor:moxamodel:nport 5600-8-dtlscope:neversion:1.3

Trust: 0.3

vendor:moxamodel:nport 5600-8-dtscope:neversion:2.4

Trust: 0.3

vendor:moxamodel:nportscope:neversion:56003.7

Trust: 0.3

vendor:moxamodel:nport 5450ai-m12scope:neversion:1.2

Trust: 0.3

vendor:moxamodel:nportscope:neversion:54003.11

Trust: 0.3

vendor:moxamodel:nport 5250ai-m12scope:neversion:1.2

Trust: 0.3

vendor:moxamodel:nport 5200ascope:neversion:1.3

Trust: 0.3

vendor:moxamodel:nportscope:neversion:52002.8

Trust: 0.3

vendor:moxamodel:nport 5150ai-m12scope:neversion:1.2

Trust: 0.3

vendor:moxamodel:nportscope:neversion:51503.6

Trust: 0.3

vendor:moxamodel:nportscope:neversion:51303.6

Trust: 0.3

vendor:moxamodel:nportscope:neversion:51102.6

Trust: 0.3

vendor:moxamodel:nport 5100ascope:neversion:1.3

Trust: 0.3

sources: CNVD: CNVD-2016-11879 // BID: 85965 // JVNDB: JVNDB-2016-007638 // CNNVD: CNNVD-201612-036 // NVD: CVE-2016-9348

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-9348
value: LOW

Trust: 1.0

NVD: CVE-2016-9348
value: LOW

Trust: 0.8

CNVD: CNVD-2016-11879
value: LOW

Trust: 0.6

CNNVD: CNNVD-201612-036
value: LOW

Trust: 0.6

VULHUB: VHN-98168
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2016-9348
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-11879
severity: LOW
baseScore: 1.7
vectorString: AV:L/AC:L/AU:S/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.1
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-98168
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-9348
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-11879 // VULHUB: VHN-98168 // JVNDB: JVNDB-2016-007638 // CNNVD: CNNVD-201612-036 // NVD: CVE-2016-9348

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

sources: VULHUB: VHN-98168 // JVNDB: JVNDB-2016-007638 // NVD: CVE-2016-9348

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201612-036

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201612-036

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007638

PATCH

title:トップページurl:http://japan.moxa.com/index.htm

Trust: 0.8

title:MoxaNPort plaintext storage vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/84966

Trust: 0.6

title:Multiple Moxa Nport Product configuration error vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66090

Trust: 0.6

sources: CNVD: CNVD-2016-11879 // JVNDB: JVNDB-2016-007638 // CNNVD: CNNVD-201612-036

EXTERNAL IDS

db:NVDid:CVE-2016-9348

Trust: 3.4

db:ICS CERTid:ICSA-16-336-02

Trust: 3.4

db:BIDid:85965

Trust: 2.0

db:JVNDBid:JVNDB-2016-007638

Trust: 0.8

db:CNNVDid:CNNVD-201612-036

Trust: 0.7

db:CNVDid:CNVD-2016-11879

Trust: 0.6

db:ICS CERT ALERTid:ICS-ALERT-16-099-01

Trust: 0.3

db:VULHUBid:VHN-98168

Trust: 0.1

sources: CNVD: CNVD-2016-11879 // VULHUB: VHN-98168 // BID: 85965 // JVNDB: JVNDB-2016-007638 // CNNVD: CNNVD-201612-036 // NVD: CVE-2016-9348

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-16-336-02

Trust: 3.4

url:http://www.securityfocus.com/bid/85965

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9348

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9348

Trust: 0.8

url:http://www.moxa.com/product/vport_sdk.htm

Trust: 0.3

url:https://ics-cert.us-cert.gov/alerts/ics-alert-16-099-01

Trust: 0.3

sources: CNVD: CNVD-2016-11879 // VULHUB: VHN-98168 // BID: 85965 // JVNDB: JVNDB-2016-007638 // CNNVD: CNNVD-201612-036 // NVD: CVE-2016-9348

CREDITS

Reid Wightman of Digital Bonds Labs

Trust: 0.9

sources: BID: 85965 // CNNVD: CNNVD-201612-036

SOURCES

db:CNVDid:CNVD-2016-11879
db:VULHUBid:VHN-98168
db:BIDid:85965
db:JVNDBid:JVNDB-2016-007638
db:CNNVDid:CNNVD-201612-036
db:NVDid:CVE-2016-9348

LAST UPDATE DATE

2024-11-23T21:54:16.745000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2016-11879date:2016-12-06T00:00:00
db:VULHUBid:VHN-98168date:2017-02-17T00:00:00
db:BIDid:85965date:2016-12-20T02:04:00
db:JVNDBid:JVNDB-2016-007638date:2017-03-08T00:00:00
db:CNNVDid:CNNVD-201612-036date:2016-12-06T00:00:00
db:NVDid:CVE-2016-9348date:2024-11-21T03:00:59.943

SOURCES RELEASE DATE

db:CNVDid:CNVD-2016-11879date:2016-12-05T00:00:00
db:VULHUBid:VHN-98168date:2017-02-13T00:00:00
db:BIDid:85965date:2016-04-08T00:00:00
db:JVNDBid:JVNDB-2016-007638date:2017-03-08T00:00:00
db:CNNVDid:CNNVD-201612-036date:2016-04-08T00:00:00
db:NVDid:CVE-2016-9348date:2017-02-13T21:59:01.847