VAR-201712-0120
Vulnerability from variot - Updated: 2023-12-18 12:50A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort W2250A versions prior to 1.11. The default password is empty on the device. An unauthorized user can access the device without a password. An unauthorized user has the ability to completely compromise the confidentiality and integrity of the wireless traffic. Moxa NPort W2150A and NPort W2250A Contains vulnerabilities related to certificate and password management.Information may be obtained and information may be altered. Moxa's NPortW2150A and NPortW2250A are both serial communication servers used by Moxa to connect industrial serial devices to the network. This may lead to further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201712-0120",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nport w2150a",
"scope": "lt",
"trust": 2.4,
"vendor": "moxa",
"version": "1.11"
},
{
"model": "nport w2250a",
"scope": "lt",
"trust": 2.4,
"vendor": "moxa",
"version": "1.11"
},
{
"model": "nport w2250a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "1.10"
},
{
"model": "nport w2150a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "1.10"
},
{
"model": "nport w2250a",
"scope": "ne",
"trust": 0.3,
"vendor": "moxa",
"version": "1.11"
},
{
"model": "nport w2150a",
"scope": "ne",
"trust": 0.3,
"vendor": "moxa",
"version": "1.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "nport w2150a",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "nport w2250a",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e0b980-39ab-11e9-8759-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2017-38102"
},
{
"db": "BID",
"id": "102254"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011707"
},
{
"db": "NVD",
"id": "CVE-2017-16727"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:nport_w2150a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:nport_w2150a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:nport_w2250a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:nport_w2250a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-16727"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Federico Maggi",
"sources": [
{
"db": "BID",
"id": "102254"
}
],
"trust": 0.3
},
"cve": "CVE-2017-16727",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-16727",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-38102",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e2e0b980-39ab-11e9-8759-000c29342cb1",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-16727",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-16727",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2017-38102",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201712-869",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2e0b980-39ab-11e9-8759-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e0b980-39ab-11e9-8759-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2017-38102"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011707"
},
{
"db": "NVD",
"id": "CVE-2017-16727"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-869"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort W2250A versions prior to 1.11. The default password is empty on the device. An unauthorized user can access the device without a password. An unauthorized user has the ability to completely compromise the confidentiality and integrity of the wireless traffic. Moxa NPort W2150A and NPort W2250A Contains vulnerabilities related to certificate and password management.Information may be obtained and information may be altered. Moxa\u0027s NPortW2150A and NPortW2250A are both serial communication servers used by Moxa to connect industrial serial devices to the network. This may lead to further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-16727"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011707"
},
{
"db": "CNVD",
"id": "CNVD-2017-38102"
},
{
"db": "BID",
"id": "102254"
},
{
"db": "IVD",
"id": "e2e0b980-39ab-11e9-8759-000c29342cb1"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-16727",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-355-01",
"trust": 2.7
},
{
"db": "BID",
"id": "102254",
"trust": 2.5
},
{
"db": "CNVD",
"id": "CNVD-2017-38102",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201712-869",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011707",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2E0B980-39AB-11E9-8759-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2e0b980-39ab-11e9-8759-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2017-38102"
},
{
"db": "BID",
"id": "102254"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011707"
},
{
"db": "NVD",
"id": "CVE-2017-16727"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-869"
}
]
},
"id": "VAR-201712-0120",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e0b980-39ab-11e9-8759-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2017-38102"
}
],
"trust": 1.425
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2e0b980-39ab-11e9-8759-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2017-38102"
}
]
},
"last_update_date": "2023-12-18T12:50:57.564000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Firmware for NPort W2x50A Series",
"trust": 0.8,
"url": "https://www.moxa.com/support/download.aspx?type=support\u0026id=14781"
},
{
"title": "MoxaNPortW2150AandW2250A Unauthorized Access Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/111725"
},
{
"title": "Moxa NPort W2150A and NPort W2250A Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77318"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38102"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011707"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-869"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-521",
"trust": 1.0
},
{
"problemtype": "CWE-255",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011707"
},
{
"db": "NVD",
"id": "CVE-2017-16727"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-355-01"
},
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/102254"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16727"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-16727"
},
{
"trust": 0.3,
"url": "https://www.moxa.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38102"
},
{
"db": "BID",
"id": "102254"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011707"
},
{
"db": "NVD",
"id": "CVE-2017-16727"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-869"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e0b980-39ab-11e9-8759-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2017-38102"
},
{
"db": "BID",
"id": "102254"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011707"
},
{
"db": "NVD",
"id": "CVE-2017-16727"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-869"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-26T00:00:00",
"db": "IVD",
"id": "e2e0b980-39ab-11e9-8759-000c29342cb1"
},
{
"date": "2017-12-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-38102"
},
{
"date": "2017-12-21T00:00:00",
"db": "BID",
"id": "102254"
},
{
"date": "2018-01-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011707"
},
{
"date": "2017-12-22T02:29:15.027000",
"db": "NVD",
"id": "CVE-2017-16727"
},
{
"date": "2017-12-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-869"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-38102"
},
{
"date": "2017-12-21T00:00:00",
"db": "BID",
"id": "102254"
},
{
"date": "2018-01-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011707"
},
{
"date": "2019-10-09T23:25:15.113000",
"db": "NVD",
"id": "CVE-2017-16727"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-869"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-869"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa NPort W2150A and W2250A Unauthorized Access Vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2e0b980-39ab-11e9-8759-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2017-38102"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-869"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…