ID

VAR-202003-1668


CVE

CVE-2020-6999


TITLE

Moxa EDS-G516E Buffer Overflow Vulnerability

Trust: 1.2

sources: IVD: 84df500c-409c-46cd-8c19-9a913469f3e3 // IVD: 9dedd6d9-6012-4511-9f7c-c0f8518a4ab3 // IVD: b6594321-ddb7-44b7-8b8e-0ffc0c94d3a0 // CNVD: CNVD-2020-19932

DESCRIPTION

In Moxa EDS-G516E Series firmware, Version 5.2 or lower, some of the parameters in the setting pages do not ensure text is the correct size for its buffer. A classic buffer overflow vulnerability exists in the Moxa EDS-G516E series firmware, and it may result in a service operation interruption (DoS) condition. Moxa EDS-G516E is a managed switch from Moxa, Taiwan. The vulnerability stems from the fact that when a network system or product performs an operation on memory, the data boundary is not correctly verified, resulting in incorrect read and write operations on other associated memory locations. Attackers can use this vulnerability to cause a buffer overflow or heap overflow.

Trust: 2.7

sources: NVD: CVE-2020-6999 // JVNDB: JVNDB-2020-003425 // CNVD: CNVD-2020-19932 // IVD: 84df500c-409c-46cd-8c19-9a913469f3e3 // IVD: 9dedd6d9-6012-4511-9f7c-c0f8518a4ab3 // IVD: b6594321-ddb7-44b7-8b8e-0ffc0c94d3a0

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

category: ['ICS', 'Network device'], sub_category: -

Trust: 0.6

sources: IVD: 84df500c-409c-46cd-8c19-9a913469f3e3 // IVD: 9dedd6d9-6012-4511-9f7c-c0f8518a4ab3 // IVD: b6594321-ddb7-44b7-8b8e-0ffc0c94d3a0 // CNVD: CNVD-2020-19932

AFFECTED PRODUCTS

vendor: moxa, model: mds-g516e, scope: lte, version: 5.2

Trust: 1.0

vendor: moxa, model: eds-g516e, scope: eq, version: 5.2

Trust: 0.8

vendor: mds g516e, model: -, scope: eq, version: *

Trust: 0.6

vendor: moxa, model: eds-g516e, scope: lte, version: <=5.2

Trust: 0.6

sources: IVD: 84df500c-409c-46cd-8c19-9a913469f3e3 // IVD: 9dedd6d9-6012-4511-9f7c-c0f8518a4ab3 // IVD: b6594321-ddb7-44b7-8b8e-0ffc0c94d3a0 // CNVD: CNVD-2020-19932 // JVNDB: JVNDB-2020-003425 // NVD: CVE-2020-6999

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-6999
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-003425
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-19932
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202003-1630
value: MEDIUM

Trust: 0.6

IVD: 84df500c-409c-46cd-8c19-9a913469f3e3
value: MEDIUM

Trust: 0.2

IVD: 9dedd6d9-6012-4511-9f7c-c0f8518a4ab3
value: MEDIUM

Trust: 0.2

IVD: b6594321-ddb7-44b7-8b8e-0ffc0c94d3a0
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2020-6999
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-003425
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-19932
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 84df500c-409c-46cd-8c19-9a913469f3e3
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 9dedd6d9-6012-4511-9f7c-c0f8518a4ab3
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: b6594321-ddb7-44b7-8b8e-0ffc0c94d3a0
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2020-6999
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-003425
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 84df500c-409c-46cd-8c19-9a913469f3e3 // IVD: 9dedd6d9-6012-4511-9f7c-c0f8518a4ab3 // IVD: b6594321-ddb7-44b7-8b8e-0ffc0c94d3a0 // CNVD: CNVD-2020-19932 // JVNDB: JVNDB-2020-003425 // CNNVD: CNNVD-202003-1630 // NVD: CVE-2020-6999

PROBLEMTYPE DATA

problemtype: CWE-120

Trust: 1.8

sources: JVNDB: JVNDB-2020-003425 // NVD: CVE-2020-6999

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-1630

TYPE

Buffer error

Trust: 1.2

sources: IVD: 84df500c-409c-46cd-8c19-9a913469f3e3 // IVD: 9dedd6d9-6012-4511-9f7c-c0f8518a4ab3 // IVD: b6594321-ddb7-44b7-8b8e-0ffc0c94d3a0 // CNNVD: CNNVD-202003-1630

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-003425

PATCH

title: Top Page, url: https://www.moxa.com/en/

Trust: 0.8

title: Patch for Moxa EDS-G516E buffer overflow vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/211331

Trust: 0.6

title: Moxa EDS-G516E Buffer error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=113032

Trust: 0.6

sources: CNVD: CNVD-2020-19932 // JVNDB: JVNDB-2020-003425 // CNNVD: CNNVD-202003-1630

EXTERNAL IDS

db: NVD, id: CVE-2020-6999

Trust: 3.6

db: ICS CERT, id: ICSA-20-056-04

Trust: 2.4

db: CNVD, id: CNVD-2020-19932

Trust: 1.2

db: CNNVD, id: CNNVD-202003-1630

Trust: 1.2

db: JVNDB, id: JVNDB-2020-003425

Trust: 0.8

db: IVD, id: 84DF500C-409C-46CD-8C19-9A913469F3E3

Trust: 0.2

db: IVD, id: 9DEDD6D9-6012-4511-9F7C-C0F8518A4AB3

Trust: 0.2

db: IVD, id: B6594321-DDB7-44B7-8B8E-0FFC0C94D3A0

Trust: 0.2

sources: IVD: 84df500c-409c-46cd-8c19-9a913469f3e3 // IVD: 9dedd6d9-6012-4511-9f7c-c0f8518a4ab3 // IVD: b6594321-ddb7-44b7-8b8e-0ffc0c94d3a0 // CNVD: CNVD-2020-19932 // JVNDB: JVNDB-2020-003425 // CNNVD: CNNVD-202003-1630 // NVD: CVE-2020-6999

REFERENCES

url: https://www.us-cert.gov/ics/advisories/icsa-20-056-04

Trust: 2.4

url: https://nvd.nist.gov/vuln/detail/cve-2020-6999

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6999

Trust: 0.8

sources: JVNDB: JVNDB-2020-003425 // CNNVD: CNNVD-202003-1630 // NVD: CVE-2020-6999

SOURCES

db: IVD, id: 84df500c-409c-46cd-8c19-9a913469f3e3
db: IVD, id: 9dedd6d9-6012-4511-9f7c-c0f8518a4ab3
db: IVD, id: b6594321-ddb7-44b7-8b8e-0ffc0c94d3a0
db: CNVD, id: CNVD-2020-19932
db: JVNDB, id: JVNDB-2020-003425
db: CNNVD, id: CNNVD-202003-1630
db: NVD, id: CVE-2020-6999

LAST UPDATE DATE

2024-11-23T21:36:01.424000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-19932, date: 2020-03-29T00:00:00
db: JVNDB, id: JVNDB-2020-003425, date: 2020-04-16T00:00:00
db: CNNVD, id: CNNVD-202003-1630, date: 2020-03-31T00:00:00
db: NVD, id: CVE-2020-6999, date: 2024-11-21T05:36:27.883

SOURCES RELEASE DATE

db: IVD, id: 84df500c-409c-46cd-8c19-9a913469f3e3, date: 2020-03-26T00:00:00
db: IVD, id: 9dedd6d9-6012-4511-9f7c-c0f8518a4ab3, date: 2020-03-26T00:00:00
db: IVD, id: b6594321-ddb7-44b7-8b8e-0ffc0c94d3a0, date: 2020-03-26T00:00:00
db: CNVD, id: CNVD-2020-19932, date: 2020-03-28T00:00:00
db: JVNDB, id: JVNDB-2020-003425, date: 2020-04-16T00:00:00
db: CNNVD, id: CNNVD-202003-1630, date: 2020-03-26T00:00:00
db: NVD, id: CVE-2020-6999, date: 2020-03-26T13:15:13.610