Search criteria
4 vulnerabilities found for MiiNePort E1 by Moxa
VAR-201702-0847
Vulnerability from variot - Updated: 2023-12-18 12:37An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files. Moxa MiiNePort is an embedded device networking module designed by Moxa for manufacturers to connect serial devices to the network.
There are security holes in Moxa MiiNePort. Multiple Moxa MiiNePort products are prone to an information-disclosure vulnerability and a security-bypass vulnerability. Successful attacks can allow an attacker to obtain sensitive information or bypass certain security restrictions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0847",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "miineport e2",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.3"
},
{
"model": "miineport e1",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.7"
},
{
"model": "miineport e3",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "miineport e3",
"scope": "eq",
"trust": 0.9,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "miineport e1",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "miineport e1",
"scope": "lt",
"trust": 0.8,
"vendor": "moxa",
"version": "1.8"
},
{
"model": "miineport e2",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "miineport e2",
"scope": "lt",
"trust": 0.8,
"vendor": "moxa",
"version": "1.4"
},
{
"model": "miineport e3",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "miineport e3",
"scope": "lt",
"trust": 0.8,
"vendor": "moxa",
"version": "1.1"
},
{
"model": "miineport",
"scope": null,
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "miineport e2",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "1.3"
},
{
"model": "miineport e1",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "1.7"
},
{
"model": "miineport e2",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "miineport e1",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "miineport e3",
"scope": "ne",
"trust": 0.3,
"vendor": "moxa",
"version": "1.1"
},
{
"model": "miineport e2",
"scope": "ne",
"trust": 0.3,
"vendor": "moxa",
"version": "1.4"
},
{
"model": "miineport e1",
"scope": "ne",
"trust": 0.3,
"vendor": "moxa",
"version": "1.8"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12354"
},
{
"db": "BID",
"id": "94783"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007683"
},
{
"db": "NVD",
"id": "CVE-2016-9344"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-235"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:miineport_e1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:moxa:miineport_e2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:moxa:miineport_e3_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:miineport_e3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:moxa:miineport_e1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:moxa:miineport_e2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9344"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aditya Sood",
"sources": [
{
"db": "BID",
"id": "94783"
}
],
"trust": 0.3
},
"cve": "CVE-2016-9344",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-9344",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-12354",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-98164",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-9344",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-9344",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-12354",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201612-235",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-98164",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12354"
},
{
"db": "VULHUB",
"id": "VHN-98164"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007683"
},
{
"db": "NVD",
"id": "CVE-2016-9344"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-235"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files. Moxa MiiNePort is an embedded device networking module designed by Moxa for manufacturers to connect serial devices to the network. \n\nThere are security holes in Moxa MiiNePort. Multiple Moxa MiiNePort products are prone to an information-disclosure vulnerability and a security-bypass vulnerability. \nSuccessful attacks can allow an attacker to obtain sensitive information or bypass certain security restrictions",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9344"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007683"
},
{
"db": "CNVD",
"id": "CNVD-2016-12354"
},
{
"db": "BID",
"id": "94783"
},
{
"db": "VULHUB",
"id": "VHN-98164"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-9344",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-16-343-01",
"trust": 3.4
},
{
"db": "BID",
"id": "94783",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007683",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201612-235",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-12354",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-98164",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12354"
},
{
"db": "VULHUB",
"id": "VHN-98164"
},
{
"db": "BID",
"id": "94783"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007683"
},
{
"db": "NVD",
"id": "CVE-2016-9344"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-235"
}
]
},
"id": "VAR-201702-0847",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12354"
},
{
"db": "VULHUB",
"id": "VHN-98164"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12354"
}
]
},
"last_update_date": "2023-12-18T12:37:36.304000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u30b7\u30ea\u30a2\u30eb\u2212\u30a4\u30fc\u30b5\u30cd\u30c3\u30c8\u30fb\u30e2\u30b8\u30e5\u30fc\u30eb",
"trust": 0.8,
"url": "http://japan.moxa.com/product/serial_to_ethernet_embedded_device_server.htm"
},
{
"title": "Patch for Moxa MiiNePort Session Hijacking Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/85874"
},
{
"title": "Moxa MiiNePort Repair measures for session hijacking vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=66272"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12354"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007683"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-235"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-532",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-98164"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007683"
},
{
"db": "NVD",
"id": "CVE-2016-9344"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-343-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/94783"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9344"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9344"
},
{
"trust": 0.3,
"url": "http://www.moxa.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12354"
},
{
"db": "VULHUB",
"id": "VHN-98164"
},
{
"db": "BID",
"id": "94783"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007683"
},
{
"db": "NVD",
"id": "CVE-2016-9344"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-235"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-12354"
},
{
"db": "VULHUB",
"id": "VHN-98164"
},
{
"db": "BID",
"id": "94783"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007683"
},
{
"db": "NVD",
"id": "CVE-2016-9344"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-235"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-12354"
},
{
"date": "2017-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-98164"
},
{
"date": "2016-12-08T00:00:00",
"db": "BID",
"id": "94783"
},
{
"date": "2017-03-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007683"
},
{
"date": "2017-02-13T21:59:01.720000",
"db": "NVD",
"id": "CVE-2016-9344"
},
{
"date": "2016-12-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-235"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-12354"
},
{
"date": "2017-02-23T00:00:00",
"db": "VULHUB",
"id": "VHN-98164"
},
{
"date": "2016-12-20T01:08:00",
"db": "BID",
"id": "94783"
},
{
"date": "2017-03-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007683"
},
{
"date": "2017-02-23T19:25:44.110000",
"db": "NVD",
"id": "CVE-2016-9344"
},
{
"date": "2016-12-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-235"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-235"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa MiiNePort Session Hijacking Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12354"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-235"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-235"
}
],
"trust": 0.6
}
}
VAR-201702-0849
Vulnerability from variot - Updated: 2023-12-18 12:37An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted. Moxa MiiNePort is an embedded device networking module designed by Moxa for manufacturers to connect serial devices to the network.
An information disclosure vulnerability exists in Moxa MiiNePort, which originated from the program's failure to encrypt configuration data in files. An attacker could use this vulnerability to gain access to the target system. Multiple Moxa MiiNePort products are prone to an information-disclosure vulnerability and a security-bypass vulnerability. Successful attacks can allow an attacker to obtain sensitive information or bypass certain security restrictions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0849",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "miineport e2",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.3"
},
{
"model": "miineport e1",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.7"
},
{
"model": "miineport e3",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "miineport e3",
"scope": "eq",
"trust": 0.9,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "miineport e1",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "miineport e1",
"scope": "lt",
"trust": 0.8,
"vendor": "moxa",
"version": "1.8"
},
{
"model": "miineport e2",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "miineport e2",
"scope": "lt",
"trust": 0.8,
"vendor": "moxa",
"version": "1.4"
},
{
"model": "miineport e3",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "miineport e3",
"scope": "lt",
"trust": 0.8,
"vendor": "moxa",
"version": "1.1"
},
{
"model": "miineport",
"scope": null,
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "miineport e2",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "1.3"
},
{
"model": "miineport e1",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "1.7"
},
{
"model": "miineport e2",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "miineport e1",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "miineport e3",
"scope": "ne",
"trust": 0.3,
"vendor": "moxa",
"version": "1.1"
},
{
"model": "miineport e2",
"scope": "ne",
"trust": 0.3,
"vendor": "moxa",
"version": "1.4"
},
{
"model": "miineport e1",
"scope": "ne",
"trust": 0.3,
"vendor": "moxa",
"version": "1.8"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12353"
},
{
"db": "BID",
"id": "94783"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007684"
},
{
"db": "NVD",
"id": "CVE-2016-9346"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-234"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:miineport_e1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:moxa:miineport_e2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:moxa:miineport_e3_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:miineport_e2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:moxa:miineport_e1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:moxa:miineport_e3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9346"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aditya Sood",
"sources": [
{
"db": "BID",
"id": "94783"
}
],
"trust": 0.3
},
"cve": "CVE-2016-9346",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-9346",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-12353",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-98166",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2016-9346",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-9346",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2016-12353",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201612-234",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-98166",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12353"
},
{
"db": "VULHUB",
"id": "VHN-98166"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007684"
},
{
"db": "NVD",
"id": "CVE-2016-9346"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-234"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted. Moxa MiiNePort is an embedded device networking module designed by Moxa for manufacturers to connect serial devices to the network. \n\nAn information disclosure vulnerability exists in Moxa MiiNePort, which originated from the program\u0027s failure to encrypt configuration data in files. An attacker could use this vulnerability to gain access to the target system. Multiple Moxa MiiNePort products are prone to an information-disclosure vulnerability and a security-bypass vulnerability. \nSuccessful attacks can allow an attacker to obtain sensitive information or bypass certain security restrictions",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9346"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007684"
},
{
"db": "CNVD",
"id": "CNVD-2016-12353"
},
{
"db": "BID",
"id": "94783"
},
{
"db": "VULHUB",
"id": "VHN-98166"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-9346",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-16-343-01",
"trust": 3.4
},
{
"db": "BID",
"id": "94783",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007684",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201612-234",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-12353",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-98166",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12353"
},
{
"db": "VULHUB",
"id": "VHN-98166"
},
{
"db": "BID",
"id": "94783"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007684"
},
{
"db": "NVD",
"id": "CVE-2016-9346"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-234"
}
]
},
"id": "VAR-201702-0849",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12353"
},
{
"db": "VULHUB",
"id": "VHN-98166"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12353"
}
]
},
"last_update_date": "2023-12-18T12:37:36.267000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u30b7\u30ea\u30a2\u30eb\u2212\u30a4\u30fc\u30b5\u30cd\u30c3\u30c8\u30fb\u30e2\u30b8\u30e5\u30fc\u30eb",
"trust": 0.8,
"url": "http://japan.moxa.com/product/serial_to_ethernet_embedded_device_server.htm"
},
{
"title": "Patch for Moxa MiiNePort Information Disclosure Vulnerability (CNVD-2016-12353)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/85875"
},
{
"title": "Moxa MiiNePort Repair measures for session hijacking vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=66271"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12353"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007684"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-234"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-98166"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007684"
},
{
"db": "NVD",
"id": "CVE-2016-9346"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-343-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/94783"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9346"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9346"
},
{
"trust": 0.3,
"url": "http://www.moxa.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12353"
},
{
"db": "VULHUB",
"id": "VHN-98166"
},
{
"db": "BID",
"id": "94783"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007684"
},
{
"db": "NVD",
"id": "CVE-2016-9346"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-234"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-12353"
},
{
"db": "VULHUB",
"id": "VHN-98166"
},
{
"db": "BID",
"id": "94783"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007684"
},
{
"db": "NVD",
"id": "CVE-2016-9346"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-234"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-12353"
},
{
"date": "2017-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-98166"
},
{
"date": "2016-12-08T00:00:00",
"db": "BID",
"id": "94783"
},
{
"date": "2017-03-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007684"
},
{
"date": "2017-02-13T21:59:01.800000",
"db": "NVD",
"id": "CVE-2016-9346"
},
{
"date": "2016-12-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-234"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-12353"
},
{
"date": "2017-02-23T00:00:00",
"db": "VULHUB",
"id": "VHN-98166"
},
{
"date": "2016-12-20T01:08:00",
"db": "BID",
"id": "94783"
},
{
"date": "2017-03-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007684"
},
{
"date": "2017-02-23T19:44:27.380000",
"db": "NVD",
"id": "CVE-2016-9346"
},
{
"date": "2016-12-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-234"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-234"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Moxa MiiNePort Product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007684"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-234"
}
],
"trust": 0.6
}
}
CVE-2023-28697 (GCVE-0-2023-28697)
Vulnerability from cvelistv5 – Published: 2023-04-27 00:00 – Updated: 2025-01-31 18:53
VLAI?
Title
Moxa MiiNePort E1 - Broken Access Control
Summary
Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to perform arbitrary system operation or disrupt service.
Severity ?
9.8 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Moxa | MiiNePort E1 |
Affected:
1.7.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:43:23.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7021-eb43a-1.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://cdn-cms.azureedge.net/Moxa/media/PDIM/S100000223/MiiNePort%20E1%20Series_moxa-miineport-e1-series-firmware-v1.9.rom_Software%20Release%20History.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28697",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T18:53:01.649336Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T18:53:10.545Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MiiNePort E1",
"vendor": "Moxa",
"versions": [
{
"status": "affected",
"version": "1.7.2"
}
]
}
],
"datePublic": "2023-03-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to perform arbitrary system operation or disrupt service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-27T00:00:00.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7021-eb43a-1.html"
},
{
"url": "https://cdn-cms.azureedge.net/Moxa/media/PDIM/S100000223/MiiNePort%20E1%20Series_moxa-miineport-e1-series-firmware-v1.9.rom_Software%20Release%20History.pdf"
}
],
"solutions": [
{
"lang": "en",
"value": "Update MiiNePort E1 version to 1.8"
}
],
"source": {
"advisory": "TVN-202303002",
"discovery": "EXTERNAL"
},
"title": "Moxa MiiNePort E1 - Broken Access Control",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2023-28697",
"datePublished": "2023-04-27T00:00:00.000Z",
"dateReserved": "2023-03-21T00:00:00.000Z",
"dateUpdated": "2025-01-31T18:53:10.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28697 (GCVE-0-2023-28697)
Vulnerability from nvd – Published: 2023-04-27 00:00 – Updated: 2025-01-31 18:53
VLAI?
Title
Moxa MiiNePort E1 - Broken Access Control
Summary
Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to perform arbitrary system operation or disrupt service.
Severity ?
9.8 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Moxa | MiiNePort E1 |
Affected:
1.7.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:43:23.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7021-eb43a-1.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://cdn-cms.azureedge.net/Moxa/media/PDIM/S100000223/MiiNePort%20E1%20Series_moxa-miineport-e1-series-firmware-v1.9.rom_Software%20Release%20History.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28697",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T18:53:01.649336Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T18:53:10.545Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MiiNePort E1",
"vendor": "Moxa",
"versions": [
{
"status": "affected",
"version": "1.7.2"
}
]
}
],
"datePublic": "2023-03-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to perform arbitrary system operation or disrupt service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-27T00:00:00.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7021-eb43a-1.html"
},
{
"url": "https://cdn-cms.azureedge.net/Moxa/media/PDIM/S100000223/MiiNePort%20E1%20Series_moxa-miineport-e1-series-firmware-v1.9.rom_Software%20Release%20History.pdf"
}
],
"solutions": [
{
"lang": "en",
"value": "Update MiiNePort E1 version to 1.8"
}
],
"source": {
"advisory": "TVN-202303002",
"discovery": "EXTERNAL"
},
"title": "Moxa MiiNePort E1 - Broken Access Control",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2023-28697",
"datePublished": "2023-04-27T00:00:00.000Z",
"dateReserved": "2023-03-21T00:00:00.000Z",
"dateUpdated": "2025-01-31T18:53:10.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}