FKIE_CVE-2017-16715

Vulnerability from fkie_nvd - Published: 2017-11-16 21:29 - Updated: 2025-04-20 01:37
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
An Information Exposure issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to exploit a flaw in the handling of Ethernet frame padding that may allow for information exposure.
References
ics-cert@hq.dhs.govhttp://www.securityfocus.com/bid/101885Third Party Advisory, VDB Entry
ics-cert@hq.dhs.govhttps://ics-cert.us-cert.gov/advisories/ICSA-17-320-01Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/101885Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://ics-cert.us-cert.gov/advisories/ICSA-17-320-01Third Party Advisory, US Government Resource
Impacted products
Vendor Product Version
moxa nport_5110_firmware 2.2
moxa nport_5110_firmware 2.4
moxa nport_5110_firmware 2.6
moxa nport_5110_firmware 2.7
moxa nport_5110 -
moxa nport_5130_firmware *
moxa nport_5130 -
moxa nport_5150_firmware *
moxa nport_5150 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:nport_5110_firmware:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA640858-27A0-474E-A90C-AF61EB5D07D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:moxa:nport_5110_firmware:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1EEFB08-1A1C-41E0-9A9A-DE88F82D97CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:moxa:nport_5110_firmware:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4ABA135-2EB9-47A1-AFE9-1EAA96BAD220",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:moxa:nport_5110_firmware:2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C34FCCC1-FD11-4734-BEAB-1577510DDA21",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:nport_5110:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9D28B00-C0BD-4B70-B871-9D18F37DCBE9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:nport_5130_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D10C4E5F-1F08-409D-BECA-115BC44D4E56",
              "versionEndIncluding": "3.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:nport_5130:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5507650-F3BF-45AF-AA54-06CF3EAF7DDB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:nport_5150_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "46E00EAC-F4D4-47F7-825C-35F9722DB51D",
              "versionEndIncluding": "3.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:nport_5150:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CD7B68B-128D-4AB0-AE9E-A8B9329D67C5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An Information Exposure issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to exploit a flaw in the handling of Ethernet frame padding that may allow for information exposure."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema de exposici\u00f3n de informaci\u00f3n en Moxa NPort 5110 2.2, NPort 5110 2.4, NPort 5110 2.6, NPort 5110 2.7, NPort 5130 3.7 y anteriores, y NPort 5150 3.7 y anteriores. Un atacante podr\u00eda explotar un defecto en c\u00f3mo se manipula el relleno de tramas Ethernet que podr\u00eda provocar una exposici\u00f3n de informaci\u00f3n."
    }
  ],
  "id": "CVE-2017-16715",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-16T21:29:00.340",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101885"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-320-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101885"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-320-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.