Sign-up

ID

VAR-201702-0855


CVE

CVE-2016-9354


TITLE

Moxa DACenter Vulnerable to program crash

Trust: 0.8

sources: JVNDB: JVNDB-2016-007636

DESCRIPTION

An issue was discovered in Moxa DACenter Versions 1.4 and older. A specially crafted project file may cause the program to crash because of Uncontrolled Resource Consumption. Moxa DACenter is an OPC interface used by Moxa to interact with Moxa Active OPC server for real-time data collection. A denial of service vulnerability exists in Moxa DACenter 1.4 and earlier. A local attacker could use this vulnerability to gain elevated privileges or cause a denial of service

Trust: 2.52

sources: NVD: CVE-2016-9354 // JVNDB: JVNDB-2016-007636 // CNVD: CNVD-2016-12680 // BID: 94891 // VULHUB: VHN-98174

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-12680

AFFECTED PRODUCTS

vendor:moxamodel:dacenterscope:lteversion:1.4

Trust: 1.0

vendor:moxamodel:dacenterscope:eqversion:1.4

Trust: 0.9

vendor:moxamodel:da-centerscope:lteversion:1.4

Trust: 0.8

vendor:moxamodel:dacenterscope:lteversion:<=1.4

Trust: 0.6

sources: CNVD: CNVD-2016-12680 // BID: 94891 // JVNDB: JVNDB-2016-007636 // CNNVD: CNNVD-201612-511 // NVD: CVE-2016-9354

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-9354
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-9354
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-12680
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201612-511
value: HIGH

Trust: 0.6

VULHUB: VHN-98174
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-9354
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-12680
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-98174
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-9354
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-12680 // VULHUB: VHN-98174 // JVNDB: JVNDB-2016-007636 // CNNVD: CNNVD-201612-511 // NVD: CVE-2016-9354

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-98174 // JVNDB: JVNDB-2016-007636 // NVD: CVE-2016-9354

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201612-511

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201612-511

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-007636

PATCH
title:DA-Centerurl:http://www.moxa.com/support/download.aspx?d_id=2573
Trust: 0.8
title:Patch for Moxa DACenter Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/86298
Trust: 0.6
title:Moxa DACenter Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66545
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-12680 // 
            
            
            
            JVNDB: JVNDB-2016-007636 // 
            
            
            
            CNNVD: CNNVD-201612-511

EXTERNAL IDS
db:NVDid:CVE-2016-9354
Trust: 3.4
db:ICS CERTid:ICSA-16-348-02
Trust: 2.8
db:BIDid:94891
Trust: 2.6
db:JVNDBid:JVNDB-2016-007636
Trust: 0.8
db:CNNVDid:CNNVD-201612-511
Trust: 0.7
db:CNVDid:CNVD-2016-12680
Trust: 0.6
db:VULHUBid:VHN-98174
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-12680 // 
            
            
            
            VULHUB: VHN-98174 // 
            
            
            
            BID: 94891 // 
            
            
            
            JVNDB: JVNDB-2016-007636 // 
            
            
            
            CNNVD: CNNVD-201612-511 // 
            
            
            
            NVD: CVE-2016-9354

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-16-348-02
Trust: 2.8
url:http://www.securityfocus.com/bid/94891
Trust: 2.3
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9354
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9354
Trust: 0.8
url:http://www.moxa.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2016-12680 // 
            
            
            
            VULHUB: VHN-98174 // 
            
            
            
            BID: 94891 // 
            
            
            
            JVNDB: JVNDB-2016-007636 // 
            
            
            
            CNNVD: CNNVD-201612-511 // 
            
            
            
            NVD: CVE-2016-9354

CREDITS
Zhou Yu.
Trust: 0.9
sources:
            
            
            BID: 94891 // 
            
            
            
            CNNVD: CNNVD-201612-511

SOURCES
db:CNVDid:CNVD-2016-12680
db:VULHUBid:VHN-98174
db:BIDid:94891
db:JVNDBid:JVNDB-2016-007636
db:CNNVDid:CNNVD-201612-511
db:NVDid:CVE-2016-9354

LAST UPDATE DATE
2024-11-23T23:02:31.339000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-12680date:2016-12-21T00:00:00
db:VULHUBid:VHN-98174date:2017-02-17T00:00:00
db:BIDid:94891date:2016-12-20T01:09:00
db:JVNDBid:JVNDB-2016-007636date:2017-03-08T00:00:00
db:CNNVDid:CNNVD-201612-511date:2016-12-15T00:00:00
db:NVDid:CVE-2016-9354date:2024-11-21T03:01:00.453

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-12680date:2016-12-21T00:00:00
db:VULHUBid:VHN-98174date:2017-02-13T00:00:00
db:BIDid:94891date:2016-12-13T00:00:00
db:JVNDBid:JVNDB-2016-007636date:2017-03-08T00:00:00
db:CNNVDid:CNNVD-201612-511date:2016-12-15T00:00:00
db:NVDid:CVE-2016-9354date:2017-02-13T21:59:01.957