Details of VAR-201711-0914

ID

VAR-201711-0914

CVE

CVE-2017-13699

TITLE

MOXA EDS-G512E Vulnerability related to cryptographic strength in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-010580

DESCRIPTION

An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The password encryption method can be retrieved from the firmware. This encryption method is based on a chall value that is sent in cleartext as a POST parameter. An attacker could reverse the password encryption algorithm to retrieve it. MOXA EDS-G512E The device contains a cryptographic strength vulnerability.Information may be obtained. The MOXAEDS-G512E is a Gigabit Ethernet manageable switch. MOXA EDS-G512E is prone to an information-disclosure vulnerability. Successfully exploiting this issue may allow an attacker to obtain sensitive information that may aid in further attacks

Trust: 2.52

sources: NVD: CVE-2017-13699 // JVNDB: JVNDB-2017-010580 // CNVD: CNVD-2017-37712 // BID: 106047 // VULHUB: VHN-104347

IOT TAXONOMY

category:

['ICS', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-37712

AFFECTED PRODUCTS

vendor:	moxa	model:	eds-g512e	scope:	eq	version:	5.1	Trust: 1.6
vendor:	moxa	model:	eds-g512e build	scope:	eq	version:	5.116072215	Trust: 0.9
vendor:	moxa	model:	eds-g512e	scope:	eq	version:	5.1 build 16072215	Trust: 0.8

sources: CNVD: CNVD-2017-37712 // BID: 106047 // JVNDB: JVNDB-2017-010580 // CNNVD: CNNVD-201708-1120 // NVD: CVE-2017-13699

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-13699
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-13699
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-37712
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201708-1120
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-104347
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-13699
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-37712
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-104347
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-13699
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-37712 // VULHUB: VHN-104347 // JVNDB: JVNDB-2017-010580 // CNNVD: CNNVD-201708-1120 // NVD: CVE-2017-13699

PROBLEMTYPE DATA

problemtype:

CWE-326

Trust: 1.9

sources: VULHUB: VHN-104347 // JVNDB: JVNDB-2017-010580 // NVD: CVE-2017-13699

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-1120

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201708-1120

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010580

PATCH

title:	EDS-G508E/EDS-G512E/EDS-G516E Series	url:	https://www.moxa.com/product/EDS-G500E.htm	Trust: 0.8
title:	MOXAEDS-G512E password encryption method vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/111317	Trust: 0.6

sources: CNVD: CNVD-2017-37712 // JVNDB: JVNDB-2017-010580

EXTERNAL IDS

db:	NVD	id:	CVE-2017-13699	Trust: 3.4
db:	BID	id:	106047	Trust: 1.4
db:	JVNDB	id:	JVNDB-2017-010580	Trust: 0.8
db:	CNNVD	id:	CNNVD-201708-1120	Trust: 0.7
db:	CNVD	id:	CNVD-2017-37712	Trust: 0.6
db:	VULHUB	id:	VHN-104347	Trust: 0.1

sources: CNVD: CNVD-2017-37712 // VULHUB: VHN-104347 // BID: 106047 // JVNDB: JVNDB-2017-010580 // CNNVD: CNNVD-201708-1120 // NVD: CVE-2017-13699

REFERENCES

url:	https://www.sentryo.net/wp-content/uploads/2017/11/switch-moxa-analysis.pdf	Trust: 2.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13699	Trust: 1.4
url:	http://www.securityfocus.com/bid/106047	Trust: 1.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13699	Trust: 0.8
url:	http://www.moxastore.com/	Trust: 0.3

sources: CNVD: CNVD-2017-37712 // VULHUB: VHN-104347 // BID: 106047 // JVNDB: JVNDB-2017-010580 // CNNVD: CNNVD-201708-1120 // NVD: CVE-2017-13699

CREDITS

Sentryo Security Labs.

Trust: 0.3

sources: BID: 106047

SOURCES

db:	CNVD	id:	CNVD-2017-37712
db:	VULHUB	id:	VHN-104347
db:	BID	id:	106047
db:	JVNDB	id:	JVNDB-2017-010580
db:	CNNVD	id:	CNNVD-201708-1120
db:	NVD	id:	CVE-2017-13699

LAST UPDATE DATE

2024-11-23T22:12:47.415000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-37712	date:	2017-12-21T00:00:00
db:	VULHUB	id:	VHN-104347	date:	2018-11-30T00:00:00
db:	BID	id:	106047	date:	2018-11-23T00:00:00
db:	JVNDB	id:	JVNDB-2017-010580	date:	2017-12-19T00:00:00
db:	CNNVD	id:	CNNVD-201708-1120	date:	2017-11-24T00:00:00
db:	NVD	id:	CVE-2017-13699	date:	2024-11-21T03:11:27.580

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-37712	date:	2017-12-21T00:00:00
db:	VULHUB	id:	VHN-104347	date:	2017-11-23T00:00:00
db:	BID	id:	106047	date:	2018-11-23T00:00:00
db:	JVNDB	id:	JVNDB-2017-010580	date:	2017-12-19T00:00:00
db:	CNNVD	id:	CNNVD-201708-1120	date:	2017-08-28T00:00:00
db:	NVD	id:	CVE-2017-13699	date:	2017-11-23T21:29:00.297