Sign-up

ID

VAR-202003-1674


CVE

CVE-2020-7007


TITLE

Moxa EDS-G516E Out-of-bounds write vulnerabilities in series firmware

Trust: 0.8

sources: JVNDB: JVNDB-2020-003172

DESCRIPTION

In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the attacker may execute arbitrary codes or target the device, causing it to go out of service. Moxa EDS-G516E A series firmware contains a vulnerability related to out-of-bounds writing.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa EDS-G516E and EDS-510E series are Ethernet switches manufactured by Moxa

Trust: 2.34

sources: NVD: CVE-2020-7007 // JVNDB: JVNDB-2020-003172 // CNVD: CNVD-2020-13515 // IVD: dd888719-4ba2-4dfa-b117-2597af1780e1

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: dd888719-4ba2-4dfa-b117-2597af1780e1 // CNVD: CNVD-2020-13515

AFFECTED PRODUCTS

vendor:moxamodel:eds-g516escope:lteversion:5.2

Trust: 1.0

vendor:moxamodel:eds-510escope:lteversion:5.2

Trust: 1.0

vendor:moxamodel:eds-510escope: - version: -

Trust: 0.8

vendor:moxamodel:eds-g516escope:eqversion:5.2

Trust: 0.8

vendor:moxamodel:eds-510e seriesscope:lteversion:<=5.2

Trust: 0.6

vendor:moxamodel:eds-g516e seriesscope:lteversion:<=5.2

Trust: 0.6

vendor:eds g516emodel: - scope:eqversion:*

Trust: 0.2

vendor:eds 510emodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: dd888719-4ba2-4dfa-b117-2597af1780e1 // CNVD: CNVD-2020-13515 // JVNDB: JVNDB-2020-003172 // NVD: CVE-2020-7007

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-7007
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-003172
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-13515
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202002-1163
value: CRITICAL

Trust: 0.6

IVD: dd888719-4ba2-4dfa-b117-2597af1780e1
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2020-7007
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-003172
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-13515
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: dd888719-4ba2-4dfa-b117-2597af1780e1
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2020-7007
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-003172
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: dd888719-4ba2-4dfa-b117-2597af1780e1 // CNVD: CNVD-2020-13515 // JVNDB: JVNDB-2020-003172 // CNNVD: CNNVD-202002-1163 // NVD: CVE-2020-7007

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.8

problemtype:CWE-121

Trust: 1.0

sources: JVNDB: JVNDB-2020-003172 // NVD: CVE-2020-7007

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-1163

TYPE

Buffer error

Trust: 0.8

sources: IVD: dd888719-4ba2-4dfa-b117-2597af1780e1 // CNNVD: CNNVD-202002-1163

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-003172

PATCH
title:EDS-G516E Seriesurl:https://www.moxa.com/en/products/industrial-network-infrastructure/ethernet-switches/layer-2-managed-switches/eds-g516e-series
Trust: 0.8
title:Patch for Moxa EDS-G516E and EDS-510E series Buffer Overflow Vulnerability (CNVD-2020-13515)url:https://www.cnvd.org.cn/patchInfo/show/204831
Trust: 0.6
title:Moxa EDS-G516E  and EDS-510E Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110363
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-13515 // 
            
            
            
            JVNDB: JVNDB-2020-003172 // 
            
            
            
            CNNVD: CNNVD-202002-1163

EXTERNAL IDS
db:NVDid:CVE-2020-7007
Trust: 3.2
db:ICS CERTid:ICSA-20-056-04
Trust: 3.0
db:CNVDid:CNVD-2020-13515
Trust: 0.8
db:CNNVDid:CNNVD-202002-1163
Trust: 0.8
db:JVNDBid:JVNDB-2020-003172
Trust: 0.8
db:AUSCERTid:ESB-2020.0726
Trust: 0.6
db:IVDid:DD888719-4BA2-4DFA-B117-2597AF1780E1
Trust: 0.2
sources:
            
            
            IVD: dd888719-4ba2-4dfa-b117-2597af1780e1 // 
            
            
            
            CNVD: CNVD-2020-13515 // 
            
            
            
            JVNDB: JVNDB-2020-003172 // 
            
            
            
            CNNVD: CNNVD-202002-1163 // 
            
            
            
            NVD: CVE-2020-7007

REFERENCES
url:https://www.us-cert.gov/ics/advisories/icsa-20-056-04
Trust: 3.0
url:https://nvd.nist.gov/vuln/detail/cve-2020-7007
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7007
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.0726/
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-13515 // 
            
            
            
            JVNDB: JVNDB-2020-003172 // 
            
            
            
            CNNVD: CNNVD-202002-1163 // 
            
            
            
            NVD: CVE-2020-7007

SOURCES
db:IVDid:dd888719-4ba2-4dfa-b117-2597af1780e1
db:CNVDid:CNVD-2020-13515
db:JVNDBid:JVNDB-2020-003172
db:CNNVDid:CNNVD-202002-1163
db:NVDid:CVE-2020-7007

LAST UPDATE DATE
2024-11-23T21:36:01.626000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-13515date:2020-03-02T00:00:00
db:JVNDBid:JVNDB-2020-003172date:2020-04-07T00:00:00
db:CNNVDid:CNNVD-202002-1163date:2020-03-26T00:00:00
db:NVDid:CVE-2020-7007date:2024-11-21T05:36:28.860

SOURCES RELEASE DATE
db:IVDid:dd888719-4ba2-4dfa-b117-2597af1780e1date:2020-02-25T00:00:00
db:CNVDid:CNVD-2020-13515date:2020-02-26T00:00:00
db:JVNDBid:JVNDB-2020-003172date:2020-04-07T00:00:00
db:CNNVDid:CNNVD-202002-1163date:2020-02-25T00:00:00
db:NVDid:CVE-2020-7007date:2020-03-24T21:15:15.300