Sign-up

ID

VAR-201903-0184


CVE

CVE-2019-6559


TITLE

Moxa IKS and EDS Vulnerable to resource exhaustion

Trust: 0.8

sources: JVNDB: JVNDB-2019-002199

DESCRIPTION

Moxa IKS and EDS allow remote authenticated users to cause a denial of service via a specially crafted packet, which may cause the switch to crash. Moxa IKS and EDS Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. MoxaIKS and EDS are Moxa's line of industrial switches. There are uncontrolled resource consumption vulnerabilities in the MoxaIKS and EDS series. Moxa IKS and EDS are prone to following security vulnerabilities: 1. A cross-site-scripting vulnerability 2. Multiple stack-based buffer-overflow vulnerabilities 3. A security vulnerability 4. An information disclosure vulnerability 5. A cross-site request-forgery vulnerability 6. Multiple denial-of-service vulnerabilities 7. A security-bypass vulnerability 8. An authentication bypass vulnerability An attacker may leverage these issues to view arbitrary files within the context of the web server, execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, compromise the application, access or modify data, reboot or crash of the application resulting in a denial of service condition, bypass security restrictions, or execute arbitrary code. This may lead to other vulnerabilities. The following Moxa products and versions are affected: IKS-G6824A series versions 4.5 and prior, EDS-405A series versions 3.8 and prior, EDS-408A series versions 3.8 and prior, and EDS-510A series versions 3.8 and prior. Moxa IKS-G6824A series are all products of Moxa Company in Taiwan, China. IKS-G6824A series is a series of rack-mount Ethernet switches. EDS-405A series is an EDS-405A series Ethernet switch. EDS-408A series is an EDS-408A series Ethernet switch

Trust: 2.79

sources: NVD: CVE-2019-6559 // JVNDB: JVNDB-2019-002199 // CNVD: CNVD-2019-06059 // BID: 107178 // IVD: 9e2fefa7-3c84-4516-9a5e-a95588ad4487 // VULHUB: VHN-157994 // VULMON: CVE-2019-6559

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: 9e2fefa7-3c84-4516-9a5e-a95588ad4487 // CNVD: CNVD-2019-06059

AFFECTED PRODUCTS

vendor:moxamodel:eds-405ascope:lteversion:3.8

Trust: 1.0

vendor:moxamodel:eds-408ascope:lteversion:3.8

Trust: 1.0

vendor:moxamodel:iks-g6824ascope:lteversion:4.5

Trust: 1.0

vendor:moxamodel:eds-510ascope:lteversion:3.8

Trust: 1.0

vendor:moxamodel:eds-405a seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:eds-408a seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:eds-510a seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:iks-g6824a seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:iks-g6824ascope:lteversion:<=4.5

Trust: 0.6

vendor:moxamodel:eds-405ascope:lteversion:<=3.8

Trust: 0.6

vendor:moxamodel:eds-408ascope:lteversion:<=3.8

Trust: 0.6

vendor:moxamodel:eds-510ascope:lteversion:<=3.8

Trust: 0.6

vendor:moxamodel:iks-g6824ascope:eqversion:4.5

Trust: 0.3

vendor:moxamodel:eds-510ascope:eqversion:3.8

Trust: 0.3

vendor:moxamodel:eds-408ascope:eqversion:3.8

Trust: 0.3

vendor:moxamodel:eds-405ascope:eqversion:3.8

Trust: 0.3

vendor:iks g6824amodel: - scope:eqversion:*

Trust: 0.2

vendor:eds 405amodel: - scope:eqversion:*

Trust: 0.2

vendor:eds 408amodel: - scope:eqversion:*

Trust: 0.2

vendor:eds 510amodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 9e2fefa7-3c84-4516-9a5e-a95588ad4487 // CNVD: CNVD-2019-06059 // BID: 107178 // JVNDB: JVNDB-2019-002199 // NVD: CVE-2019-6559

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6559
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-6559
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-06059
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201902-942
value: MEDIUM

Trust: 0.6

IVD: 9e2fefa7-3c84-4516-9a5e-a95588ad4487
value: MEDIUM

Trust: 0.2

VULHUB: VHN-157994
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-6559
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-6559
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-06059
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 9e2fefa7-3c84-4516-9a5e-a95588ad4487
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-157994
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-6559
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-6559
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 9e2fefa7-3c84-4516-9a5e-a95588ad4487 // CNVD: CNVD-2019-06059 // VULHUB: VHN-157994 // VULMON: CVE-2019-6559 // JVNDB: JVNDB-2019-002199 // CNNVD: CNNVD-201902-942 // NVD: CVE-2019-6559

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.9

sources: VULHUB: VHN-157994 // JVNDB: JVNDB-2019-002199 // NVD: CVE-2019-6559

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201902-942

TYPE

Resource management error

Trust: 0.8

sources: IVD: 9e2fefa7-3c84-4516-9a5e-a95588ad4487 // CNNVD: CNNVD-201902-942

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-002199

PATCH
title:Top Pageurl:https://www.moxa.com/en/
Trust: 0.8
title:MoxaIKS and EDS patches for uncontrolled resource consumption vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/155115
Trust: 0.6
title:Multiple Moxa Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89661
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-06059 // 
            
            
            
            JVNDB: JVNDB-2019-002199 // 
            
            
            
            CNNVD: CNNVD-201902-942

EXTERNAL IDS
db:NVDid:CVE-2019-6559
Trust: 3.7
db:ICS CERTid:ICSA-19-057-01
Trust: 3.5
db:BIDid:107178
Trust: 2.1
db:CNNVDid:CNNVD-201902-942
Trust: 0.9
db:CNVDid:CNVD-2019-06059
Trust: 0.8
db:JVNDBid:JVNDB-2019-002199
Trust: 0.8
db:AUSCERTid:ESB-2019.0597
Trust: 0.6
db:IVDid:9E2FEFA7-3C84-4516-9A5E-A95588AD4487
Trust: 0.2
db:VULHUBid:VHN-157994
Trust: 0.1
db:VULMONid:CVE-2019-6559
Trust: 0.1
sources:
            
            
            IVD: 9e2fefa7-3c84-4516-9a5e-a95588ad4487 // 
            
            
            
            CNVD: CNVD-2019-06059 // 
            
            
            
            VULHUB: VHN-157994 // 
            
            
            
            VULMON: CVE-2019-6559 // 
            
            
            
            BID: 107178 // 
            
            
            
            JVNDB: JVNDB-2019-002199 // 
            
            
            
            CNNVD: CNNVD-201902-942 // 
            
            
            
            NVD: CVE-2019-6559

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-19-057-01
Trust: 3.6
url:http://www.securityfocus.com/bid/107178
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2019-6559
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6559
Trust: 0.8
url:https://www.us-cert.gov/ics/advisories/icsa-19-057-01
Trust: 0.6
url:https://www.auscert.org.au/bulletins/76138
Trust: 0.6
url:http://www.moxastore.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/400.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-06059 // 
            
            
            
            VULHUB: VHN-157994 // 
            
            
            
            VULMON: CVE-2019-6559 // 
            
            
            
            BID: 107178 // 
            
            
            
            JVNDB: JVNDB-2019-002199 // 
            
            
            
            CNNVD: CNNVD-201902-942 // 
            
            
            
            NVD: CVE-2019-6559

CREDITS
Ivan B, Sergey Fedonin, and Vyacheslav Moskvin of Positive Technologies Security reported these vulnerabilities to NCCIC.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201902-942

SOURCES
db:IVDid:9e2fefa7-3c84-4516-9a5e-a95588ad4487
db:CNVDid:CNVD-2019-06059
db:VULHUBid:VHN-157994
db:VULMONid:CVE-2019-6559
db:BIDid:107178
db:JVNDBid:JVNDB-2019-002199
db:CNNVDid:CNNVD-201902-942
db:NVDid:CVE-2019-6559

LAST UPDATE DATE
2024-08-14T13:26:55.796000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-06059date:2019-03-04T00:00:00
db:VULHUBid:VHN-157994date:2022-11-30T00:00:00
db:VULMONid:CVE-2019-6559date:2019-10-09T00:00:00
db:BIDid:107178date:2019-02-26T00:00:00
db:JVNDBid:JVNDB-2019-002199date:2019-04-04T00:00:00
db:CNNVDid:CNNVD-201902-942date:2019-10-25T00:00:00
db:NVDid:CVE-2019-6559date:2022-11-30T22:14:03.467

SOURCES RELEASE DATE
db:IVDid:9e2fefa7-3c84-4516-9a5e-a95588ad4487date:2019-03-04T00:00:00
db:CNVDid:CNVD-2019-06059date:2019-03-04T00:00:00
db:VULHUBid:VHN-157994date:2019-03-05T00:00:00
db:VULMONid:CVE-2019-6559date:2019-03-05T00:00:00
db:BIDid:107178date:2019-02-26T00:00:00
db:JVNDBid:JVNDB-2019-002199date:2019-04-04T00:00:00
db:CNNVDid:CNNVD-201902-942date:2019-02-26T00:00:00
db:NVDid:CVE-2019-6559date:2019-03-05T20:29:00.467