Lucene search

HistoryAug 02, 2023 - 12:00 a.m.

Moxa MGate Authentication Bypass (CVE-2016-5804)

2023-08-0200:00:00

www.tenable.com

moxa mgate

authentication bypass

cve-2016-5804

vulnerability

weak encryption

remote attack

brute-force

tenable.ot

ics-cert

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

65.1%

JSON

Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 before 2.6, MGate MB3170 before 2.5, and MGate MB3270 before 2.7 use weak encryption, which allows remote attackers to bypass authentication via a brute-force series of guesses for a parameter value.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501520);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/08/03");

  script_cve_id("CVE-2016-5804");

  script_name(english:"Moxa MGate Authentication Bypass (CVE-2016-5804)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480
before 2.6, MGate MB3170 before 2.5, and MGate MB3270 before 2.7 use
weak encryption, which allows remote attackers to bypass
authentication via a brute-force series of guesses for a parameter
value.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://ics-cert.us-cert.gov/advisories/ICSA-16-196-02");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-5804");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(326);

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/07/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/07/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/08/02");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:moxa:mgate_mb3170_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:moxa:mgate_mb3180_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:moxa:mgate_mb3270_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:moxa:mgate_mb3280_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:moxa:mgate_mb3480_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Moxa");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Moxa');

var asset = tenable_ot::assets::get(vendor:'Moxa');

var vuln_cpes = {
    "cpe:/o:moxa:mgate_mb3180_firmware" :
        {"versionEndExcluding" : "1.8", "family" : "MoxaMGate"},
    "cpe:/o:moxa:mgate_mb3280_firmware" :
        {"versionEndExcluding" : "2.7", "family" : "MoxaMGate"},
    "cpe:/o:moxa:mgate_mb3480_firmware" :
        {"versionEndExcluding" : "2.6", "family" : "MoxaMGate"},
    "cpe:/o:moxa:mgate_mb3170_firmware" :
        {"versionEndExcluding" : "2.5", "family" : "MoxaMGate"},
    "cpe:/o:moxa:mgate_mb3270_firmware" :
        {"versionEndExcluding" : "2.7", "family" : "MoxaMGate"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);

VendorProductVersionCPE
moxamgate_mb3170_firmwarecpe:/o:moxa:mgate_mb3170_firmware
moxamgate_mb3180_firmwarecpe:/o:moxa:mgate_mb3180_firmware
moxamgate_mb3270_firmwarecpe:/o:moxa:mgate_mb3270_firmware
moxamgate_mb3280_firmwarecpe:/o:moxa:mgate_mb3280_firmware
moxamgate_mb3480_firmwarecpe:/o:moxa:mgate_mb3480_firmware

Vendor	Product	CPE
moxa	mgate_mb3170_firmware	cpe:/o:moxa:mgate_mb3170_firmware
moxa	mgate_mb3180_firmware	cpe:/o:moxa:mgate_mb3180_firmware
moxa	mgate_mb3270_firmware	cpe:/o:moxa:mgate_mb3270_firmware
moxa	mgate_mb3280_firmware	cpe:/o:moxa:mgate_mb3280_firmware
moxa	mgate_mb3480_firmware	cpe:/o:moxa:mgate_mb3480_firmware

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5804

ics-cert.us-cert.gov/advisories/ICSA-16-196-02

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

65.1%

JSON

Related for TENABLE_OT_MOXA_CVE-2016-5804.NASL