openvasCopyright (C) 2017 Greenbone AGOPENVAS:1361412562310106589
HistoryFeb 16, 2017 - 12:00 a.m.

Moxa NPort Devices Multiple Vulnerabilities (MCSA-160401)

2017-02-1600:00:00
Copyright (C) 2017 Greenbone AG
plugins.openvas.org
75

6.6 Medium

AI Score

Confidence

Low

0.383 Low

EPSS

Percentile

97.2%

Moxa NPort devices are prone to multiple vulnerabilities.

# SPDX-FileCopyrightText: 2017 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

# Common CPE prefix shared by all Moxa NPort firmware entries; the check code
# passes it to get_app_port_from_cpe_prefix() to look up the detected device.
CPE_PREFIX = "cpe:/o:moxa:nport_";

# Metadata pass: when `description` is set the script only registers the tags
# below and leaves through the exit(0) at the end of this block; none of the
# version-check code runs.
if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.106589");
  script_version("2024-05-08T05:05:32+0000");
  script_tag(name:"last_modification", value:"2024-05-08 05:05:32 +0000 (Wed, 08 May 2024)");
  script_tag(name:"creation_date", value:"2017-02-16 09:18:30 +0700 (Thu, 16 Feb 2017)");
  # Severity is taken from NVD (see severity_origin): CVSS v2 base 10.0, and a
  # v3.0 vector describing a network-reachable flaw that needs no privileges
  # and no user interaction.
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2017-02-17 18:12:00 +0000 (Fri, 17 Feb 2017)");

  # The eight CVEs covered by this check; each is summarised in the "insight"
  # tag further down.
  script_cve_id("CVE-2016-9361", "CVE-2016-9369", "CVE-2016-9363", "CVE-2016-9371", "CVE-2016-9365",
                "CVE-2016-9366", "CVE-2016-9348", "CVE-2016-9367");

  # remote_banner: the verdict rests on the firmware version obtained by the
  # detection script (see "vuldetect"), not on probing the flaws themselves.
  # A device that reports its version inaccurately will be judged inaccurately.
  script_tag(name:"qod_type", value:"remote_banner");

  # NOTE(review): VendorFix is declared for the whole script, yet the check
  # code reports fixed_version "None" for the 611x models - confirm against
  # the vendor advisory whether a fixed firmware exists for that series.
  script_tag(name:"solution_type", value:"VendorFix");

  script_name("Moxa NPort Devices Multiple Vulnerabilities (MCSA-160401)");

  # Information-gathering category: the script evaluates data already
  # collected by the detection rather than sending attack traffic.
  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2017 Greenbone AG");
  script_family("General");
  # Scheduled after the NPort detection/consolidation script and only when
  # that script has set the "moxa/nport/detected" key.
  script_dependencies("gb_moxa_nport_consolidation.nasl");
  script_mandatory_keys("moxa/nport/detected");

  script_tag(name:"summary", value:"Moxa NPort devices are prone to multiple vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"Moxa NPort devices are prone to multiple vulnerabilities:

  - CVE-2016-9361: Administration passwords can be retried without authenticating

  - CVE-2016-9369: Firmware can be updated over the network without authentication, which may allow
  remote code execution.

  - CVE-2016-9363: Buffer overflow vulnerability may allow an unauthenticated attacker to remotely
  execute arbitrary code.

  - CVE-2016-9371: User-controlled input is not neutralized before being output to web page.

  - CVE-2016-9365: Requests are not verified to be intentionally submitted by the proper user.

  - CVE-2016-9366: An attacker can freely use brute force to determine parameters needed to bypass
  authentication.

  - CVE-2016-9348: A configuration file contains parameters that represent passwords in plaintext.

  - CVE-2016-9367: The amount of resources requested by a malicious actor is not restricted, leading
  to a denial-of-service caused by resource exhaustion.");

  script_tag(name:"impact", value:"Successful exploitation of these vulnerabilities could lead to
  the complete compromise of an affected system.");

  # The series named here are the ones the model patterns in the check code
  # are meant to cover.
  script_tag(name:"affected", value:"Moxa NPort 5110, 5130/5150 Series, 5200 Series, 5400 Series,
  5600 Series, 5100A Series, P5150A, 5200A Series, 5150AI-M12 Series, 5250AI-M12 Series, 5450AI-M12
  Series, 5600-8-DT Series, 5600-8-DTL Series, 6100/6200 Series, 6400/6600 Series, 6110 Series and
  IA5450A.");

  script_tag(name:"solution", value:"Moxa has released new firmware versions which addresses the
  identified vulnerabilities.");

  # Vendor advisory and the corresponding CISA ICS advisory.
  script_xref(name:"URL", value:"https://www.moxa.com/en/support/product-support/security-advisory/nport-5000-series-and-nport-6000-series-serial-device-server-vulnerabilities");
  script_xref(name:"URL", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-16-336-02a");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

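# Version check for the Moxa NPort firmware found by the detection script.
#
# Flow: look up the detected NPort CPE, keep only the 5xxx/6xxx model families
# this advisory covers, read the firmware version, then compare it with the
# first fixed release for the matching series. A vulnerable version is reported
# via security_message(); the script ends with exit(0) once a series has been
# evaluated and exit(99) when no series pattern matched.

# No NPort CPE recorded for this host: nothing to evaluate.
if (!infos = get_app_port_from_cpe_prefix(cpe: CPE_PREFIX))
  exit(0);

cpe = infos["cpe"];

# Gate on the model family: "nport_" followed by 5 or 6 and then 1, 2, 4 or 6.
# The pattern previously ended in a stray ")". Depending on the regex engine
# that either fails to compile or demands a literal ")" that no CPE contains,
# so the gate could not pass a device and the script stayed silent on
# vulnerable hosts.
# NOTE(review): "P5150A" and "IA5450A" are listed as affected; whether they
# pass this gate depends on how the detection script builds their CPE - confirm.
if (cpe !~ "^cpe:/o:moxa:nport_[56][1246]")
  exit(0);

# Firmware version unknown: no basis for a verdict.
if (!version = get_app_version(cpe: cpe, nofork: TRUE))
  exit(0);

# The series patterns are not anchored at the end, so a generic pattern such as
# "nport_5110" or "nport_56[0-9]{2}" also matches the more specific A, AI-M12
# and 5600-8-DT/DTL names. The specific series are therefore tested first;
# with the generic ones first, those devices were compared against the wrong
# fixed version (assuming CPEs of the form nport_<model>_firmware, which the
# "_firmware" patterns below imply) and their own checks were never reached.

# 5100A / 5200A Series and 5600-8-DTL Series: fixed in 1.4.
# (5600-8-DTL must be tested before the 5600-8-DT pattern, which also matches it.)
if (cpe =~ "^cpe:/o:moxa:nport_5[12][0-9]{2}a_firmware" || cpe =~ "^cpe:/o:moxa:nport_5600-8-dtl") {
  if (version_is_less(version: version, test_version: "1.4")) {
    report = report_fixed_ver(installed_version: version, fixed_version: "1.4");
    security_message(port: 0, data: report);
  }
  exit(0);
}

# 5150AI-M12 / 5250AI-M12 / 5450AI-M12 Series: fixed in 1.3.
# (Tested before the "nport_5450a" pattern, which also matches 5450AI-M12.)
if (cpe =~ "^cpe:/o:moxa:nport_5(1|2|4)50ai-m12") {
  if (version_is_less(version: version, test_version: "1.3")) {
    report = report_fixed_ver(installed_version: version, fixed_version: "1.3");
    security_message(port: 0, data: report);
  }
  exit(0);
}

# 5600-8-DT Series: fixed in 2.5.
if (cpe =~ "^cpe:/o:moxa:nport_5600-8-dt") {
  if (version_is_less(version: version, test_version: "2.5")) {
    report = report_fixed_ver(installed_version: version, fixed_version: "2.5");
    security_message(port: 0, data: report);
  }
  exit(0);
}

# 5450A: fixed in 1.4.
if (cpe =~ "^cpe:/o:moxa:nport_5450a") {
  if (version_is_less(version: version, test_version: "1.4")) {
    report = report_fixed_ver(installed_version: version, fixed_version: "1.4");
    security_message(port: 0, data: report);
  }
  exit(0);
}

# 5110: fixed in 2.7.
if (cpe =~ "^cpe:/o:moxa:nport_5110") {
  if (version_is_less(version: version, test_version: "2.7")) {
    report = report_fixed_ver(installed_version: version, fixed_version: "2.7");
    security_message(port: 0, data: report);
  }
  exit(0);
}

# 5130 / 5150 Series: fixed in 3.7.
if (cpe =~"^cpe:/o:moxa:nport_51[35]0") {
  if (version_is_less(version: version, test_version: "3.7")) {
    report = report_fixed_ver(installed_version: version, fixed_version: "3.7");
    security_message(port: 0, data: report);
  }
  exit(0);
}

# 5200 Series: fixed in 2.9.
if (cpe =~ "^cpe:/o:moxa:nport_52[0-9]{2}_firmware") {
  if (version_is_less(version: version, test_version: "2.9")) {
    report = report_fixed_ver(installed_version: version, fixed_version: "2.9");
    security_message(port: 0, data: report);
  }
  exit(0);
}

# 5400 Series: fixed in 3.12.
if (cpe =~ "^cpe:/o:moxa:nport_54[0-9]{2}_firmware") {
  if (version_is_less(version: version, test_version: "3.12")) {
    report = report_fixed_ver(installed_version: version, fixed_version: "3.12");
    security_message(port: 0, data: report);
  }
  exit(0);
}

# 5600 Series: fixed in 3.8.
if (cpe =~ "^cpe:/o:moxa:nport_56[0-9]{2}") {
  if (version_is_less(version: version, test_version: "3.8")) {
    report = report_fixed_ver(installed_version: version, fixed_version: "3.8");
    security_message(port: 0, data: report);
  }
  exit(0);
}

# nb: The model checks below are correct, don't escape the "." because this should e.g. catch 611x.
if (cpe =~ "^cpe:/o:moxa:nport_6") {
  # 611x: reported regardless of version, with fixed_version "None" (no fixed
  # release is given for this series).
  if (cpe =~ "^cpe:/o:moxa:nport_611.") {
    report = report_fixed_ver(installed_version: version, fixed_version: "None");
    security_message(port: 0, data: report);
    exit(0);
  }

  # Remaining 61xx / 62xx / 64xx / 66xx models: fixed in 1.16.
  else if (cpe =~ "^cpe:/o:moxa:nport_6[1246]..") {
    if (version_is_less(version: version, test_version: "1.16")) {
      report = report_fixed_ver(installed_version: version, fixed_version: "1.16");
      security_message(port: 0, data: report);
    }
    exit(0);
  }
}

# No series pattern matched the CPE.
exit(99);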
