Sign-up

ID

VAR-201702-0857


CVE

CVE-2016-9356


TITLE

Moxa DACenter Vulnerability in application

Trust: 0.8

sources: JVNDB: JVNDB-2016-007637

DESCRIPTION

An issue was discovered in Moxa DACenter Versions 1.4 and older. The application may suffer from an unquoted search path issue. Moxa DACenter The application contains an unspecified vulnerability related to unquoted search paths.May be unspecified. Moxa DACenter is an OPC interface used by Moxa to interact with Moxa Active OPC server for real-time data collection. A local permissions vulnerability exists in Moxa DACenter 1.4 and earlier. An attacker could use this vulnerability to gain elevated permissions. Local attackers can exploit these issues to gain elevated privileges or cause a denial-of-service condition

Trust: 2.52

sources: NVD: CVE-2016-9356 // JVNDB: JVNDB-2016-007637 // CNVD: CNVD-2016-12681 // BID: 94891 // VULHUB: VHN-98176

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-12681

AFFECTED PRODUCTS

vendor:moxamodel:dacenterscope:lteversion:1.4

Trust: 1.0

vendor:moxamodel:dacenterscope:eqversion:1.4

Trust: 0.9

vendor:moxamodel:da-centerscope:lteversion:1.4

Trust: 0.8

vendor:moxamodel:dacenterscope:lteversion:<=1.4

Trust: 0.6

sources: CNVD: CNVD-2016-12681 // BID: 94891 // JVNDB: JVNDB-2016-007637 // CNNVD: CNNVD-201612-512 // NVD: CVE-2016-9356

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-9356
value: HIGH

Trust: 1.0

NVD: CVE-2016-9356
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-12681
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201612-512
value: MEDIUM

Trust: 0.6

VULHUB: VHN-98176
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-9356
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-12681
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-98176
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-9356
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-12681 // VULHUB: VHN-98176 // JVNDB: JVNDB-2016-007637 // CNNVD: CNNVD-201612-512 // NVD: CVE-2016-9356

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.9

sources: VULHUB: VHN-98176 // JVNDB: JVNDB-2016-007637 // NVD: CVE-2016-9356

THREAT TYPE

local

Trust: 0.9

sources: BID: 94891 // CNNVD: CNNVD-201612-512

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201612-512

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-007637

PATCH
title:DA-Centerurl:http://www.moxa.com/support/download.aspx?d_id=2573
Trust: 0.8
title:Patch for Moxa DACenter Local Privilege Escalation Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/86299
Trust: 0.6
title:Moxa DACenter Fixes for permission permissions and access control vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66546
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-12681 // 
            
            
            
            JVNDB: JVNDB-2016-007637 // 
            
            
            
            CNNVD: CNNVD-201612-512

EXTERNAL IDS
db:NVDid:CVE-2016-9356
Trust: 3.4
db:ICS CERTid:ICSA-16-348-02
Trust: 2.8
db:BIDid:94891
Trust: 2.6
db:JVNDBid:JVNDB-2016-007637
Trust: 0.8
db:CNNVDid:CNNVD-201612-512
Trust: 0.7
db:CNVDid:CNVD-2016-12681
Trust: 0.6
db:VULHUBid:VHN-98176
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-12681 // 
            
            
            
            VULHUB: VHN-98176 // 
            
            
            
            BID: 94891 // 
            
            
            
            JVNDB: JVNDB-2016-007637 // 
            
            
            
            CNNVD: CNNVD-201612-512 // 
            
            
            
            NVD: CVE-2016-9356

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-16-348-02
Trust: 2.8
url:http://www.securityfocus.com/bid/94891
Trust: 2.3
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9356
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9356
Trust: 0.8
url:http://www.moxa.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2016-12681 // 
            
            
            
            VULHUB: VHN-98176 // 
            
            
            
            BID: 94891 // 
            
            
            
            JVNDB: JVNDB-2016-007637 // 
            
            
            
            CNNVD: CNNVD-201612-512 // 
            
            
            
            NVD: CVE-2016-9356

CREDITS
Zhou Yu.
Trust: 0.9
sources:
            
            
            BID: 94891 // 
            
            
            
            CNNVD: CNNVD-201612-512

SOURCES
db:CNVDid:CNVD-2016-12681
db:VULHUBid:VHN-98176
db:BIDid:94891
db:JVNDBid:JVNDB-2016-007637
db:CNNVDid:CNNVD-201612-512
db:NVDid:CVE-2016-9356

LAST UPDATE DATE
2024-11-23T23:02:31.304000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-12681date:2016-12-21T00:00:00
db:VULHUBid:VHN-98176date:2017-02-17T00:00:00
db:BIDid:94891date:2016-12-20T01:09:00
db:JVNDBid:JVNDB-2016-007637date:2017-03-08T00:00:00
db:CNNVDid:CNNVD-201612-512date:2016-12-15T00:00:00
db:NVDid:CVE-2016-9356date:2024-11-21T03:01:00.677

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-12681date:2016-12-21T00:00:00
db:VULHUBid:VHN-98176date:2017-02-13T00:00:00
db:BIDid:94891date:2016-12-13T00:00:00
db:JVNDBid:JVNDB-2016-007637date:2017-03-08T00:00:00
db:CNNVDid:CNNVD-201612-512date:2016-12-15T00:00:00
db:NVDid:CVE-2016-9356date:2017-02-13T21:59:01.987