Lucene search

[email protected]CVE-2016-8362

HistoryFeb 13, 2017 - 9:59 p.m.

CVE-2016-8362

2017-02-1321:59:01

CWE-287

[email protected]

web.nvd.nist.gov

cve

2016

8362

moxa

oncell

oncellg3470a

lte

awk-1131a

awk-3131a

awk-4131a

awk-3191

awk-5232

awk-6232

awk-1121

awk-1127

wac-1001

wac-2004

awk-3121

m12

rtg

awk-3131

m12

rcc

awk-5232

m12

tap-6226

awk-4121

awk-4131

awk-5222

awk-6222

security

vulnerability

log file

download

url

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.3%

JSON

An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series, and AWK-5222/6222 Series. Any user is able to download log files by accessing a specific URL.

Affected configurations

NVD

Node

moxaoncellg3470a-lte_firmwareRange≤10-31-2016

AND

moxaoncellg3470a-lteMatch-

Node

moxaawk-4131a_firmwareRange≤10-31-2016

AND

moxaawk-4131aMatch-

Node

moxaawk-3191_firmwareRange≤05-30-2017

AND

moxaawk-3191Match-

Node

moxaawk-5232_firmwareRange≤05-30-2017

AND

moxaawk-5232Match-

Node

moxaawk-6232_firmwareRange≤05-30-2017

AND

moxaawk-6232Match-

Node

moxaawk-1121_firmwareRange≤06-29-2017

AND

moxaawk-1121Match-

Node

moxaawk-1127_firmwareRange≤06-29-2017

AND

moxaawk-1127Match-

Node

moxawac-1001_v2_firmwareRange≤06-29-2017

AND

moxawac-1001_v2Match-

Node

moxawac-2004_firmwareRange≤06-29-2017

AND

moxawac-2004Match-

Node

moxaawk-3121-m12-rtg_firmwareRange≤06-29-2017

AND

moxaawk-3121-m12-rtgMatch-

Node

moxaawk-3131-m12-rcc_firmwareRange≤06-29-2017

AND

moxaawk-3131-m12-rccMatch-

Node

moxaawk-5232-m12-rcc_firmwareRange≤06-29-2017

AND

moxaawk-5232-m12-rccMatch-

Node

moxaawk-3131a_firmwareRange≤10-31-2016

AND

moxaawk-3131aMatch-

Node

moxaawk-1131a_firmwareRange≤10-31-2016

AND

moxaawk-1131aMatch-

CPENameOperatorVersion
moxa:oncellg3470a-lte_firmwaremoxa oncellg3470a-lte firmwarele10-31-2016

CPE	Name	Operator	Version
moxa:oncellg3470a-lte_firmware	moxa oncellg3470a-lte firmware	le	10-31-2016

CNA Affected

[
  {
    "product": "Moxa OnCell",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Moxa OnCell"
      }
    ]
  }
]

References

www.securityfocus.com/bid/94092

ics-cert.us-cert.gov/advisories/ICSA-16-308-01

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.3%

JSON

Related for CVE-2016-8362

nessus1 cvelist1 prion1 nvd1 ics1