cvelistv5 - cve-2016-9344

CVE-2016-9344 (GCVE-0-2016-9344)

Vulnerability from cvelistv5 – Published: 2017-02-13 21:00 – Updated: 2024-08-06 02:50

Summary

Severity ?

No CVSS data available.

CWE

Moxa MiiNePort Session Hijack

Assigner

icscert

References

URL

	Vendor	Product	Version
	n/a	Moxa MiiNePort	Affected: Moxa MiiNePort

ICSA-16-343-01

Vulnerability from csaf_cisa - Published: 2016-09-11 06:00 - Updated: 2025-06-17 16:50

Summary

Moxa MiiNePort Session Hijack Vulnerabilities

Notes

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation.

Recommended Practices

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Recommended Practices

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

Recommended Practices

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Recommended Practices

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Recommended Practices

CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-16-343-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2016/icsa-16-343-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-16-343-01 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-16-343-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
      }
    ],
    "title": "Moxa MiiNePort Session Hijack Vulnerabilities",
    "tracking": {
      "current_release_date": "2025-06-17T16:50:00.161907Z",
      "generator": {
        "date": "2025-06-17T16:50:00.161879Z",
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-16-343-01",
      "initial_release_date": "2016-09-11T06:00:00.000000Z",
      "revision_history": [
        {
          "date": "2016-09-11T06:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "Initial Publication"
        },
        {
          "date": "2025-06-17T16:50:00.161907Z",
          "legacy_version": "CSAF Conversion",
          "number": "2",
          "summary": "Advisory converted into a CSAF"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c1.8",
                "product": {
                  "name": "Moxa MiiNePort E1: \u003c1.8",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "MiiNePort E1"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c1.4",
                "product": {
                  "name": "Moxa MiiNePort E2: \u003c1.4",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "MiiNePort E2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c1.1",
                "product": {
                  "name": "Moxa MiiNePort E3: \u003c1.1",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "MiiNePort E3"
          }
        ],
        "category": "vendor",
        "name": "Moxa"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-9344",
      "cwe": {
        "id": "CWE-532",
        "name": "Insertion of Sensitive Information into Log File"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Moxa has released new firmware editions, which address the identified vulnerabilities in MiiNePort devices. Moxa recommends installing these new firmware editions: MiiNePort E1 Series, Edition 1.8 (http://www.moxa.com/support/download.aspx?type=support\u0026id=1214)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ],
          "url": "http://www.moxa.com/support/download.aspx?type=support\u0026id=1214"
        },
        {
          "category": "mitigation",
          "details": "Moxa has released new firmware editions, which address the identified vulnerabilities in MiiNePort devices. Moxa recommends installing these new firmware editions: MiiNePort E2 Series, Edition 1.4 (http://www.moxa.com/support/download.aspx?type=support\u0026id=263)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ],
          "url": "http://www.moxa.com/support/download.aspx?type=support\u0026id=263"
        },
        {
          "category": "mitigation",
          "details": "Moxa has released new firmware editions, which address the identified vulnerabilities in MiiNePort devices. Moxa recommends installing these new firmware editions: MiiNePort E3 Series, Edition 1.1 (http://www.moxa.com/support/download.aspx?type=support\u0026id=2058)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ],
          "url": "http://www.moxa.com/support/download.aspx?type=support\u0026id=2058"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2016-9346",
      "cwe": {
        "id": "CWE-312",
        "name": "Cleartext Storage of Sensitive Information"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Moxa has released new firmware editions, which address the identified vulnerabilities in MiiNePort devices. Moxa recommends installing these new firmware editions: MiiNePort E1 Series, Edition 1.8 (http://www.moxa.com/support/download.aspx?type=support\u0026id=1214)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ],
          "url": "http://www.moxa.com/support/download.aspx?type=support\u0026id=1214"
        },
        {
          "category": "mitigation",
          "details": "Moxa has released new firmware editions, which address the identified vulnerabilities in MiiNePort devices. Moxa recommends installing these new firmware editions: MiiNePort E2 Series, Edition 1.4 (http://www.moxa.com/support/download.aspx?type=support\u0026id=263)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ],
          "url": "http://www.moxa.com/support/download.aspx?type=support\u0026id=263"
        },
        {
          "category": "mitigation",
          "details": "Moxa has released new firmware editions, which address the identified vulnerabilities in MiiNePort devices. Moxa recommends installing these new firmware editions: MiiNePort E3 Series, Edition 1.1 (http://www.moxa.com/support/download.aspx?type=support\u0026id=2058)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ],
          "url": "http://www.moxa.com/support/download.aspx?type=support\u0026id=2058"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        }
      ]
    }
  ]
}

CNVD-2016-12354

Vulnerability from cnvd - Published: 2016-12-15

Title

Moxa MiiNePort会话劫持漏洞

Description

Moxa MiiNePort是摩莎（Moxa）公司的一个专为制造商设计的可将串口设备连入网络连接的内嵌式设备联网模块。 Moxa MiiNePort中存在安全漏洞。攻击者可利用该漏洞暴力解码会话cookie，下载配置文件。

Severity

中

Patch Name

Moxa MiiNePort会话劫持漏洞的补丁

Patch Description

Moxa MiiNePort是摩莎（Moxa）公司的一个专为制造商设计的可将串口设备连入网络连接的内嵌式设备联网模块。 Moxa MiiNePort中存在安全漏洞。攻击者可利用该漏洞暴力解码会话cookie，下载配置文件。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，详情请关注厂商主页： http://www.moxa.com/

Reference

https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01 http://www.securityfocus.com/bid/94783

Impacted products

Name
Moxa MiiNePort

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "94783"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-9344"
    }
  },
  "description": "Moxa MiiNePort\u662f\u6469\u838e\uff08Moxa\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u4e13\u4e3a\u5236\u9020\u5546\u8bbe\u8ba1\u7684\u53ef\u5c06\u4e32\u53e3\u8bbe\u5907\u8fde\u5165\u7f51\u7edc\u8fde\u63a5\u7684\u5185\u5d4c\u5f0f\u8bbe\u5907\u8054\u7f51\u6a21\u5757\u3002\r\n\r\nMoxa MiiNePort\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u66b4\u529b\u89e3\u7801\u4f1a\u8bddcookie\uff0c\u4e0b\u8f7d\u914d\u7f6e\u6587\u4ef6\u3002",
  "discovererName": "Aditya Sood",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttp://www.moxa.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-12354",
  "openTime": "2016-12-15",
  "patchDescription": "Moxa MiiNePort\u662f\u6469\u838e\uff08Moxa\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u4e13\u4e3a\u5236\u9020\u5546\u8bbe\u8ba1\u7684\u53ef\u5c06\u4e32\u53e3\u8bbe\u5907\u8fde\u5165\u7f51\u7edc\u8fde\u63a5\u7684\u5185\u5d4c\u5f0f\u8bbe\u5907\u8054\u7f51\u6a21\u5757\u3002\r\n\r\nMoxa MiiNePort\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u66b4\u529b\u89e3\u7801\u4f1a\u8bddcookie\uff0c\u4e0b\u8f7d\u914d\u7f6e\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Moxa MiiNePort\u4f1a\u8bdd\u52ab\u6301\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Moxa MiiNePort"
  },
  "referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01\r\nhttp://www.securityfocus.com/bid/94783",
  "serverity": "\u4e2d",
  "submitTime": "2016-12-12",
  "title": "Moxa MiiNePort\u4f1a\u8bdd\u52ab\u6301\u6f0f\u6d1e"
}

VAR-201702-0847

Vulnerability from variot - Updated: 2023-12-18 12:37

An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files. Moxa MiiNePort is an embedded device networking module designed by Moxa for manufacturers to connect serial devices to the network.

There are security holes in Moxa MiiNePort. Multiple Moxa MiiNePort products are prone to an information-disclosure vulnerability and a security-bypass vulnerability. Successful attacks can allow an attacker to obtain sensitive information or bypass certain security restrictions

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201702-0847",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "miineport e2",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "1.3"
      },
      {
        "model": "miineport e1",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "1.7"
      },
      {
        "model": "miineport e3",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "1.0"
      },
      {
        "model": "miineport e3",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "moxa",
        "version": "1.0"
      },
      {
        "model": "miineport e1",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "miineport e1",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "moxa",
        "version": "1.8"
      },
      {
        "model": "miineport e2",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "miineport e2",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "moxa",
        "version": "1.4"
      },
      {
        "model": "miineport e3",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "miineport e3",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "moxa",
        "version": "1.1"
      },
      {
        "model": "miineport",
        "scope": null,
        "trust": 0.6,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "miineport e2",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "1.3"
      },
      {
        "model": "miineport e1",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "1.7"
      },
      {
        "model": "miineport e2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "1.0"
      },
      {
        "model": "miineport e1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "1.0"
      },
      {
        "model": "miineport e3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "1.1"
      },
      {
        "model": "miineport e2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "1.4"
      },
      {
        "model": "miineport e1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "1.8"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-12354"
      },
      {
        "db": "BID",
        "id": "94783"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007683"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9344"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-235"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:miineport_e1_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.7",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:miineport_e2_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.3",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:miineport_e3_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:moxa:miineport_e3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:moxa:miineport_e1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:moxa:miineport_e2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-9344"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Aditya Sood",
    "sources": [
      {
        "db": "BID",
        "id": "94783"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-9344",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2016-9344",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2016-12354",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-98164",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2016-9344",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-9344",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-12354",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201612-235",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-98164",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-12354"
      },
      {
        "db": "VULHUB",
        "id": "VHN-98164"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007683"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9344"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-235"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files. Moxa MiiNePort is an embedded device networking module designed by Moxa for manufacturers to connect serial devices to the network. \n\nThere are security holes in Moxa MiiNePort. Multiple Moxa MiiNePort products are prone to an information-disclosure vulnerability and a security-bypass vulnerability. \nSuccessful attacks can allow an attacker to obtain sensitive information or bypass certain security restrictions",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-9344"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007683"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-12354"
      },
      {
        "db": "BID",
        "id": "94783"
      },
      {
        "db": "VULHUB",
        "id": "VHN-98164"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-9344",
        "trust": 3.4
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-16-343-01",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "94783",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007683",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-235",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-12354",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-98164",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-12354"
      },
      {
        "db": "VULHUB",
        "id": "VHN-98164"
      },
      {
        "db": "BID",
        "id": "94783"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007683"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9344"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-235"
      }
    ]
  },
  "id": "VAR-201702-0847",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-12354"
      },
      {
        "db": "VULHUB",
        "id": "VHN-98164"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-12354"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:37:36.304000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "\u30b7\u30ea\u30a2\u30eb\u2212\u30a4\u30fc\u30b5\u30cd\u30c3\u30c8\u30fb\u30e2\u30b8\u30e5\u30fc\u30eb",
        "trust": 0.8,
        "url": "http://japan.moxa.com/product/serial_to_ethernet_embedded_device_server.htm"
      },
      {
        "title": "Patch for Moxa MiiNePort Session Hijacking Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/85874"
      },
      {
        "title": "Moxa MiiNePort Repair measures for session hijacking vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=66272"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-12354"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007683"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-235"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-532",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-98164"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007683"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9344"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-343-01"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/94783"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9344"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9344"
      },
      {
        "trust": 0.3,
        "url": "http://www.moxa.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-12354"
      },
      {
        "db": "VULHUB",
        "id": "VHN-98164"
      },
      {
        "db": "BID",
        "id": "94783"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007683"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9344"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-235"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-12354"
      },
      {
        "db": "VULHUB",
        "id": "VHN-98164"
      },
      {
        "db": "BID",
        "id": "94783"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007683"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9344"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-235"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-12-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-12354"
      },
      {
        "date": "2017-02-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-98164"
      },
      {
        "date": "2016-12-08T00:00:00",
        "db": "BID",
        "id": "94783"
      },
      {
        "date": "2017-03-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-007683"
      },
      {
        "date": "2017-02-13T21:59:01.720000",
        "db": "NVD",
        "id": "CVE-2016-9344"
      },
      {
        "date": "2016-12-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201612-235"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-12-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-12354"
      },
      {
        "date": "2017-02-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-98164"
      },
      {
        "date": "2016-12-20T01:08:00",
        "db": "BID",
        "id": "94783"
      },
      {
        "date": "2017-03-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-007683"
      },
      {
        "date": "2017-02-23T19:25:44.110000",
        "db": "NVD",
        "id": "CVE-2016-9344"
      },
      {
        "date": "2016-12-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201612-235"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-235"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Moxa MiiNePort Session Hijacking Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-12354"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-235"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-235"
      }
    ],
    "trust": 0.6
  }
}

GSD-2016-9344

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-9344

Aliases

CVE-2016-9344

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-9344",
    "description": "An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files.",
    "id": "GSD-2016-9344"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-9344"
      ],
      "details": "An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files.",
      "id": "GSD-2016-9344",
      "modified": "2023-12-13T01:21:21.845795Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "ID": "CVE-2016-9344",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Moxa MiiNePort",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Moxa MiiNePort"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Moxa MiiNePort Session Hijack"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01"
          },
          {
            "name": "94783",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/94783"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:miineport_e1_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.7",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:miineport_e2_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.3",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:miineport_e3_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:moxa:miineport_e3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:moxa:miineport_e1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:moxa:miineport_e2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2016-9344"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-532"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01"
            },
            {
              "name": "94783",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/94783"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2017-02-23T19:25Z",
      "publishedDate": "2017-02-13T21:59Z"
    }
  }
}

FKIE_CVE-2016-9344

Vulnerability from fkie_nvd - Published: 2017-02-13 21:59 - Updated: 2025-04-20 01:37

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
ics-cert@hq.dhs.gov	http://www.securityfocus.com/bid/94783	Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov	https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/94783	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01	Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
moxa	miineport_e1_firmware	*
moxa	miineport_e2_firmware	*
moxa	miineport_e3_firmware	*
moxa	miineport_e1	-
moxa	miineport_e2	-
moxa	miineport_e3	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:miineport_e1_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5768CC53-4855-45C6-9FD0-C3603B2FBA7C",
              "versionEndIncluding": "1.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:moxa:miineport_e2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E099C55B-0E6B-448E-A524-7D405261DC88",
              "versionEndIncluding": "1.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:moxa:miineport_e3_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD73B290-2AB0-4AAB-B9D6-E655181C88D0",
              "versionEndIncluding": "1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:miineport_e1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "08E72C6A-A107-4EB6-9692-C769DE9EEA17",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:moxa:miineport_e2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AACCDD37-C2D0-473A-ACE5-2B1246BF4712",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:moxa:miineport_e3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0017FB3-ADDC-477E-B4CD-4BFF1977CED0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files."
    },
    {
      "lang": "es",
      "value": "Ha sido descubierto un problema en Moxa MiiNePort E1 versiones anteriores a 1.8, E2 versiones anteriores a 1.4 y E3 versiones anteriores a 1.1. Un atacante puede ser capaz de forzar una cookie de sesi\u00f3n activa para poder descargar archivos de configuraci\u00f3n."
    }
  ],
  "id": "CVE-2016-9344",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-13T21:59:01.720",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94783"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94783"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-532"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-WCMM-HVMM-F94R

Vulnerability from github – Published: 2022-05-17 02:57 – Updated: 2022-05-17 02:57

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-9344"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-02-13T21:59:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files.",
  "id": "GHSA-wcmm-hvmm-f94r",
  "modified": "2022-05-17T02:57:57Z",
  "published": "2022-05-17T02:57:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9344"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94783"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-9344 (GCVE-0-2016-9344)

ICSA-16-343-01

CNVD-2016-12354

VAR-201702-0847

GSD-2016-9344

FKIE_CVE-2016-9344

GHSA-WCMM-HVMM-F94R

Tags

Sightings

Nomenclature