Lucene search

IcscertCVE-2016-9348

HistoryFeb 13, 2017 - 9:59 p.m.

CVE-2016-9348

2017-02-1321:59:01

CWE-255

icscert

web.nvd.nist.gov

cve-2016-9348

moxa nport

plaintext password

security

vulnerability

nvd

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.2

Confidence

Low

EPSS

Percentile

10.4%

JSON

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. A configuration file contains parameters that represent passwords in plaintext.

Affected configurations

Nvd

Node

moxanport_5100_series_firmwareRange≤2.5

AND

moxanport_5110Match-

Node

moxanport_5100_series_firmwareRange≤3.5

AND

moxanport_5130Match-

moxanport_5150Match-

Node

moxanport_5200_series_firmwareRange≤2.7

AND

moxanport_5210Match-

moxanport_5230Match-

moxanport_5232Match-

moxanport_5232iMatch-

Node

moxanport_5400_series_firmwareRange≤3.10

AND

moxanport_5410Match-

moxanport_5430Match-

moxanport_5430iMatch-

moxanport_5450Match-

moxanport_5450-tMatch-

moxanport_5450iMatch-

moxanport_5450i-tMatch-

Node

moxanport_5600_series_firmwareRange≤3.6

AND

moxanport_5610Match-

moxanport_5630Match-

moxanport_5650Match-

Node

moxanport_5100a_series_firmwareRange≤1.2

AND

moxanport_5110aMatch-

moxanport_5130aMatch-

moxanport_5150aMatch-

Node

moxanport_p5150a_series_firmwareRange≤1.2

AND

moxanport_p5110aMatch-

Node

moxanport_5200a_series_firmwareRange≤1.2

AND

moxanport_5210aMatch-

moxanport_5230aMatch-

moxanport_5250aMatch-

Node

moxanport_5x50a1-m12_series_firmwareRange≤1.1

AND

moxanport_5150a1-m12Match-

moxanport_5150a1-m12-ctMatch-

moxanport_5150a1-m12-ct-tMatch-

moxanport_5150a1-m12-tMatch-

moxanport_5250a1-m12Match-

moxanport_5250a1-m12-ctMatch-

moxanport_5250a1-m12-ct-tMatch-

moxanport_5250a1-m12-tMatch-

moxanport_5450a1-m12Match-

moxanport_5450a1-m12-ctMatch-

moxanport_5450a1-m12-ct-tMatch-

moxanport_5450a1-m12-tMatch-

Node

moxanport_5600-8-dtl_series_firmwareRange≤2.3

AND

moxanport_5610-8-dtlMatch-

moxanport_5650-8-dtlMatch-

moxanport_5650i-8-dtlMatch-

Node

moxanport_6100_series_firmwareRange≤1.13

AND

moxanport_6150Match-

moxanport_6150-tMatch-

VendorProductVersionCPE
moxanport_5100_series_firmware*cpe:2.3:o:moxa:nport_5100_series_firmware:*:*:*:*:*:*:*:*
moxanport_5110-cpe:2.3:h:moxa:nport_5110:-:*:*:*:*:*:*:*
moxanport_5130-cpe:2.3:h:moxa:nport_5130:-:*:*:*:*:*:*:*
moxanport_5150-cpe:2.3:h:moxa:nport_5150:-:*:*:*:*:*:*:*
moxanport_5200_series_firmware*cpe:2.3:o:moxa:nport_5200_series_firmware:*:*:*:*:*:*:*:*
moxanport_5210-cpe:2.3:h:moxa:nport_5210:-:*:*:*:*:*:*:*
moxanport_5230-cpe:2.3:h:moxa:nport_5230:-:*:*:*:*:*:*:*
moxanport_5232-cpe:2.3:h:moxa:nport_5232:-:*:*:*:*:*:*:*
moxanport_5232i-cpe:2.3:h:moxa:nport_5232i:-:*:*:*:*:*:*:*
moxanport_5400_series_firmware*cpe:2.3:o:moxa:nport_5400_series_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
moxa	nport_5100_series_firmware	*	cpe:2.3:o:moxa:nport_5100_series_firmware::::::::
moxa	nport_5110	-	cpe:2.3:h:moxa:nport_5110:-:::::::*
moxa	nport_5130	-	cpe:2.3:h:moxa:nport_5130:-:::::::*
moxa	nport_5150	-	cpe:2.3:h:moxa:nport_5150:-:::::::*
moxa	nport_5200_series_firmware	*	cpe:2.3:o:moxa:nport_5200_series_firmware::::::::
moxa	nport_5210	-	cpe:2.3:h:moxa:nport_5210:-:::::::*
moxa	nport_5230	-	cpe:2.3:h:moxa:nport_5230:-:::::::*
moxa	nport_5232	-	cpe:2.3:h:moxa:nport_5232:-:::::::*
moxa	nport_5232i	-	cpe:2.3:h:moxa:nport_5232i:-:::::::*
moxa	nport_5400_series_firmware	*	cpe:2.3:o:moxa:nport_5400_series_firmware::::::::

Rows per page:

1-10 of 511

CNA Affected

[
  {
    "product": "Moxa NPort",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Moxa NPort"
      }
    ]
  }
]

References

www.securityfocus.com/bid/85965

ics-cert.us-cert.gov/advisories/ICSA-16-336-02

Social References

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.2

Confidence

Low

EPSS

Percentile

10.4%

JSON

Related for CVE-2016-9348