VAR-201308-0004
Vulnerability from variot - Updated: 2023-12-18 13:57

Moxa OnCell Gateway G3111, G3151, G3211, and G3251 devices with firmware before 1.4 do not use a sufficient source of entropy for SSH and SSL keys, which makes it easier for remote attackers to obtain access by leveraging knowledge of a key from a product installation elsewhere. Moxa OnCell Gateway devices communicate with remote serial/Ethernet devices over GSM/GPRS/EDGE networks for data and short-message transmission. By calculating the private authentication key, an attacker can gain unauthorized access to the system and read sensitive information from the device or send commands to it, which can aid further attacks. The issue affects firmware 1.3 and earlier on the G3111, G3151, G3211, and G3251. Because the weakness lies in key generation, keys created on affected firmware should be treated as suspect: after moving to firmware 1.4 or later, confirm that the device's SSH and SSL keys were regenerated rather than carried over.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201308-0004",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "oncell gateway g3111",
"scope": "eq",
"trust": 1.0,
"vendor": "moxa",
"version": null
},
{
"model": "oncell gateway g3251",
"scope": "eq",
"trust": 1.0,
"vendor": "moxa",
"version": null
},
{
"model": "oncell gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.3"
},
{
"model": "oncell gateway g3211",
"scope": "eq",
"trust": 1.0,
"vendor": "moxa",
"version": null
},
{
"model": "oncell gateway g3151",
"scope": "eq",
"trust": 1.0,
"vendor": "moxa",
"version": null
},
{
"model": "oncell g3111",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "oncell g3151",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "oncell g3211",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "oncell g3251",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "oncell gateway",
"scope": "lt",
"trust": 0.8,
"vendor": "moxa",
"version": "1.4"
},
{
"model": "oncell gateway g3251",
"scope": null,
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "oncell gateway g3211",
"scope": null,
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "oncell gateway g3151",
"scope": null,
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "oncell gateway g3111",
"scope": null,
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "oncell gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "1.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-11755"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003711"
},
{
"db": "NVD",
"id": "CVE-2012-3039"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-055"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:oncell_gateway_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:oncell_gateway_g3111:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:moxa:oncell_gateway_g3211:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:moxa:oncell_gateway_g3151:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:moxa:oncell_gateway_g3251:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-3039"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nadia Heninger, San Diego, Zakir Durumeric, Eric Wustrow, and J. Alex Halderman",
"sources": [
{
"db": "BID",
"id": "61610"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-055"
}
],
"trust": 0.9
},
"cve": "CVE-2012-3039",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.1,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2012-3039",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-11755",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-56320",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-3039",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2013-11755",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201308-055",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-56320",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-11755"
},
{
"db": "VULHUB",
"id": "VHN-56320"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003711"
},
{
"db": "NVD",
"id": "CVE-2012-3039"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-055"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa OnCell Gateway G3111, G3151, G3211, and G3251 devices with firmware before 1.4 do not use a sufficient source of entropy for SSH and SSL keys, which makes it easier for remote attackers to obtain access by leveraging knowledge of a key from a product installation elsewhere. Moxa OnCell Gateway can communicate with remote serial / Ethernet devices through GSM / GPRS / EDGE network for data and short message transmission. By calculating the private authentication key, an attacker can gain unauthorized access to the system and read the sensitive information of the device, or send commands to the device. This aids in other attacks. There is a security vulnerability in the Moxa OnCell Gateway module using firmware 1.3 and earlier. The following devices are affected: G3111, G3151, G3211, G3251",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-3039"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003711"
},
{
"db": "CNVD",
"id": "CNVD-2013-11755"
},
{
"db": "BID",
"id": "61610"
},
{
"db": "VULHUB",
"id": "VHN-56320"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-3039",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-13-217-01",
"trust": 2.8
},
{
"db": "BID",
"id": "61610",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003711",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201308-055",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2013-11755",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-56320",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-11755"
},
{
"db": "VULHUB",
"id": "VHN-56320"
},
{
"db": "BID",
"id": "61610"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003711"
},
{
"db": "NVD",
"id": "CVE-2012-3039"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-055"
}
]
},
"id": "VAR-201308-0004",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-11755"
},
{
"db": "VULHUB",
"id": "VHN-56320"
}
],
"trust": 1.41428572875
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-11755"
}
]
},
"last_update_date": "2023-12-18T13:57:50.651000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Firmware for OnCell G3111/G3151/G3211/G3251",
"trust": 0.8,
"url": "http://www.moxa.com/support/sarch_result.aspx?type=soft\u0026prod_id=316\u0026type_id=4"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.moxa.com/"
},
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://japan.moxa.com/index.htm"
},
{
"title": "\u4ee3\u7406\u5e97\u4e00\u89a7",
"trust": 0.8,
"url": "http://japan.moxa.com/buy/default.htm#japan"
},
{
"title": "Patch for MOXA OnCell Gateways Insufficient Entropy Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/38080"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-11755"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003711"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-56320"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003711"
},
{
"db": "NVD",
"id": "CVE-2012-3039"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-13-217-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3039"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3039"
},
{
"trust": 0.6,
"url": "http://www.isssource.com/moxa-mitigates-entropy-vulnerability/"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/61610"
},
{
"trust": 0.3,
"url": "http://www.moxa.com/product/cellular_gateway.htm"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-11755"
},
{
"db": "VULHUB",
"id": "VHN-56320"
},
{
"db": "BID",
"id": "61610"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003711"
},
{
"db": "NVD",
"id": "CVE-2012-3039"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-055"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-11755"
},
{
"db": "VULHUB",
"id": "VHN-56320"
},
{
"db": "BID",
"id": "61610"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003711"
},
{
"db": "NVD",
"id": "CVE-2012-3039"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-055"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-08-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-11755"
},
{
"date": "2013-08-09T00:00:00",
"db": "VULHUB",
"id": "VHN-56320"
},
{
"date": "2013-08-05T00:00:00",
"db": "BID",
"id": "61610"
},
{
"date": "2013-08-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003711"
},
{
"date": "2013-08-09T23:55:02.427000",
"db": "NVD",
"id": "CVE-2012-3039"
},
{
"date": "2013-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-055"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-08-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-11755"
},
{
"date": "2013-08-12T00:00:00",
"db": "VULHUB",
"id": "VHN-56320"
},
{
"date": "2013-08-05T00:00:00",
"db": "BID",
"id": "61610"
},
{
"date": "2013-08-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003711"
},
{
"date": "2013-08-12T19:28:58.983000",
"db": "NVD",
"id": "CVE-2012-3039"
},
{
"date": "2013-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-055"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201308-055"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Moxa OnCell Vulnerability of obtaining access rights in gateway product firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003711"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201308-055"
}
],
"trust": 0.6
}
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.