VAR-201702-0847
Vulnerability from variot - Updated: 2023-12-18 12:37An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files. Moxa MiiNePort is an embedded device networking module designed by Moxa for manufacturers to connect serial devices to the network.
There are security holes in Moxa MiiNePort. Multiple Moxa MiiNePort products are prone to an information-disclosure vulnerability and a security-bypass vulnerability. Successful attacks can allow an attacker to obtain sensitive information or bypass certain security restrictions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0847",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "miineport e2",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.3"
},
{
"model": "miineport e1",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.7"
},
{
"model": "miineport e3",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "miineport e3",
"scope": "eq",
"trust": 0.9,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "miineport e1",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "miineport e1",
"scope": "lt",
"trust": 0.8,
"vendor": "moxa",
"version": "1.8"
},
{
"model": "miineport e2",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "miineport e2",
"scope": "lt",
"trust": 0.8,
"vendor": "moxa",
"version": "1.4"
},
{
"model": "miineport e3",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "miineport e3",
"scope": "lt",
"trust": 0.8,
"vendor": "moxa",
"version": "1.1"
},
{
"model": "miineport",
"scope": null,
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "miineport e2",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "1.3"
},
{
"model": "miineport e1",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "1.7"
},
{
"model": "miineport e2",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "miineport e1",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "miineport e3",
"scope": "ne",
"trust": 0.3,
"vendor": "moxa",
"version": "1.1"
},
{
"model": "miineport e2",
"scope": "ne",
"trust": 0.3,
"vendor": "moxa",
"version": "1.4"
},
{
"model": "miineport e1",
"scope": "ne",
"trust": 0.3,
"vendor": "moxa",
"version": "1.8"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12354"
},
{
"db": "BID",
"id": "94783"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007683"
},
{
"db": "NVD",
"id": "CVE-2016-9344"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-235"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:miineport_e1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:moxa:miineport_e2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:moxa:miineport_e3_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:miineport_e3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:moxa:miineport_e1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:moxa:miineport_e2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9344"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aditya Sood",
"sources": [
{
"db": "BID",
"id": "94783"
}
],
"trust": 0.3
},
"cve": "CVE-2016-9344",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-9344",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-12354",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-98164",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-9344",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-9344",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-12354",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201612-235",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-98164",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12354"
},
{
"db": "VULHUB",
"id": "VHN-98164"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007683"
},
{
"db": "NVD",
"id": "CVE-2016-9344"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-235"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files. Moxa MiiNePort is an embedded device networking module designed by Moxa for manufacturers to connect serial devices to the network. \n\nThere are security holes in Moxa MiiNePort. Multiple Moxa MiiNePort products are prone to an information-disclosure vulnerability and a security-bypass vulnerability. \nSuccessful attacks can allow an attacker to obtain sensitive information or bypass certain security restrictions",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9344"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007683"
},
{
"db": "CNVD",
"id": "CNVD-2016-12354"
},
{
"db": "BID",
"id": "94783"
},
{
"db": "VULHUB",
"id": "VHN-98164"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-9344",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-16-343-01",
"trust": 3.4
},
{
"db": "BID",
"id": "94783",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007683",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201612-235",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-12354",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-98164",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12354"
},
{
"db": "VULHUB",
"id": "VHN-98164"
},
{
"db": "BID",
"id": "94783"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007683"
},
{
"db": "NVD",
"id": "CVE-2016-9344"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-235"
}
]
},
"id": "VAR-201702-0847",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12354"
},
{
"db": "VULHUB",
"id": "VHN-98164"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12354"
}
]
},
"last_update_date": "2023-12-18T12:37:36.304000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u30b7\u30ea\u30a2\u30eb\u2212\u30a4\u30fc\u30b5\u30cd\u30c3\u30c8\u30fb\u30e2\u30b8\u30e5\u30fc\u30eb",
"trust": 0.8,
"url": "http://japan.moxa.com/product/serial_to_ethernet_embedded_device_server.htm"
},
{
"title": "Patch for Moxa MiiNePort Session Hijacking Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/85874"
},
{
"title": "Moxa MiiNePort Repair measures for session hijacking vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=66272"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12354"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007683"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-235"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-532",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-98164"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007683"
},
{
"db": "NVD",
"id": "CVE-2016-9344"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-343-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/94783"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9344"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9344"
},
{
"trust": 0.3,
"url": "http://www.moxa.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12354"
},
{
"db": "VULHUB",
"id": "VHN-98164"
},
{
"db": "BID",
"id": "94783"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007683"
},
{
"db": "NVD",
"id": "CVE-2016-9344"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-235"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-12354"
},
{
"db": "VULHUB",
"id": "VHN-98164"
},
{
"db": "BID",
"id": "94783"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007683"
},
{
"db": "NVD",
"id": "CVE-2016-9344"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-235"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-12354"
},
{
"date": "2017-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-98164"
},
{
"date": "2016-12-08T00:00:00",
"db": "BID",
"id": "94783"
},
{
"date": "2017-03-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007683"
},
{
"date": "2017-02-13T21:59:01.720000",
"db": "NVD",
"id": "CVE-2016-9344"
},
{
"date": "2016-12-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-235"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-12354"
},
{
"date": "2017-02-23T00:00:00",
"db": "VULHUB",
"id": "VHN-98164"
},
{
"date": "2016-12-20T01:08:00",
"db": "BID",
"id": "94783"
},
{
"date": "2017-03-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007683"
},
{
"date": "2017-02-23T19:25:44.110000",
"db": "NVD",
"id": "CVE-2016-9344"
},
{
"date": "2016-12-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-235"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-235"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa MiiNePort Session Hijacking Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12354"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-235"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-235"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…