Sign-up

ID

VAR-201308-0004


CVE

CVE-2012-3039


TITLE

plural Moxa OnCell Vulnerability of obtaining access rights in gateway product firmware

Trust: 0.8

sources: JVNDB: JVNDB-2013-003711

DESCRIPTION

Moxa OnCell Gateway G3111, G3151, G3211, and G3251 devices with firmware before 1.4 do not use a sufficient source of entropy for SSH and SSL keys, which makes it easier for remote attackers to obtain access by leveraging knowledge of a key from a product installation elsewhere. Moxa OnCell Gateway can communicate with remote serial / Ethernet devices through GSM / GPRS / EDGE network for data and short message transmission. By calculating the private authentication key, an attacker can gain unauthorized access to the system and read the sensitive information of the device, or send commands to the device. This aids in other attacks. There is a security vulnerability in the Moxa OnCell Gateway module using firmware 1.3 and earlier. The following devices are affected: G3111, G3151, G3211, G3251

Trust: 2.52

sources: NVD: CVE-2012-3039 // JVNDB: JVNDB-2013-003711 // CNVD: CNVD-2013-11755 // BID: 61610 // VULHUB: VHN-56320

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-11755

AFFECTED PRODUCTS

vendor:moxamodel:oncell gateway g3211scope:eqversion: -

Trust: 1.0

vendor:moxamodel:oncell gateway g3251scope:eqversion: -

Trust: 1.0

vendor:moxamodel:oncell gateway g3111scope:eqversion: -

Trust: 1.0

vendor:moxamodel:oncell gatewayscope:lteversion:1.3

Trust: 1.0

vendor:moxamodel:oncell gateway g3151scope:eqversion: -

Trust: 1.0

vendor:moxamodel:oncell g3111scope: - version: -

Trust: 0.8

vendor:moxamodel:oncell g3151scope: - version: -

Trust: 0.8

vendor:moxamodel:oncell g3211scope: - version: -

Trust: 0.8

vendor:moxamodel:oncell g3251scope: - version: -

Trust: 0.8

vendor:moxamodel:oncell gatewayscope:ltversion:1.4

Trust: 0.8

vendor:moxamodel:oncell gateway g3251scope: - version: -

Trust: 0.6

vendor:moxamodel:oncell gateway g3211scope: - version: -

Trust: 0.6

vendor:moxamodel:oncell gateway g3151scope: - version: -

Trust: 0.6

vendor:moxamodel:oncell gateway g3111scope: - version: -

Trust: 0.6

vendor:moxamodel:oncell gatewayscope:eqversion:1.3

Trust: 0.6

sources: CNVD: CNVD-2013-11755 // JVNDB: JVNDB-2013-003711 // CNNVD: CNNVD-201308-055 // NVD: CVE-2012-3039

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-3039
value: HIGH

Trust: 1.0

NVD: CVE-2012-3039
value: HIGH

Trust: 0.8

CNVD: CNVD-2013-11755
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201308-055
value: HIGH

Trust: 0.6

VULHUB: VHN-56320
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2012-3039
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:H/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-11755
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-56320
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:H/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-11755 // VULHUB: VHN-56320 // JVNDB: JVNDB-2013-003711 // CNNVD: CNNVD-201308-055 // NVD: CVE-2012-3039

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

sources: VULHUB: VHN-56320 // JVNDB: JVNDB-2013-003711 // NVD: CVE-2012-3039

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201308-055

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201308-055

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-003711

PATCH
title:Firmware  for  OnCell G3111/G3151/G3211/G3251url:http://www.moxa.com/support/sarch_result.aspx?type=soft&prod_id=316&type_id=4
Trust: 0.8
title:Top Pageurl:http://www.moxa.com/
Trust: 0.8
title:トップページurl:http://japan.moxa.com/index.htm
Trust: 0.8
title:代理店一覧url:http://japan.moxa.com/buy/Default.htm#japan
Trust: 0.8
title:Patch for MOXA OnCell Gateways Insufficient Entropy Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/38080
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-11755 // 
            
            
            
            JVNDB: JVNDB-2013-003711

EXTERNAL IDS
db:NVDid:CVE-2012-3039
Trust: 3.4
db:ICS CERTid:ICSA-13-217-01
Trust: 2.8
db:BIDid:61610
Trust: 1.6
db:JVNDBid:JVNDB-2013-003711
Trust: 0.8
db:CNNVDid:CNNVD-201308-055
Trust: 0.7
db:CNVDid:CNVD-2013-11755
Trust: 0.6
db:VULHUBid:VHN-56320
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2013-11755 // 
            
            
            
            VULHUB: VHN-56320 // 
            
            
            
            BID: 61610 // 
            
            
            
            JVNDB: JVNDB-2013-003711 // 
            
            
            
            CNNVD: CNNVD-201308-055 // 
            
            
            
            NVD: CVE-2012-3039

REFERENCES
url:http://ics-cert.us-cert.gov/advisories/icsa-13-217-01
Trust: 2.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3039
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3039
Trust: 0.8
url:http://www.isssource.com/moxa-mitigates-entropy-vulnerability/
Trust: 0.6
url:http://www.securityfocus.com/bid/61610
Trust: 0.6
url:http://www.moxa.com/product/cellular_gateway.htm
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2013-11755 // 
            
            
            
            VULHUB: VHN-56320 // 
            
            
            
            BID: 61610 // 
            
            
            
            JVNDB: JVNDB-2013-003711 // 
            
            
            
            CNNVD: CNNVD-201308-055 // 
            
            
            
            NVD: CVE-2012-3039

CREDITS
Nadia Heninger, San Diego, Zakir Durumeric, Eric Wustrow, and J. Alex Halderman
Trust: 0.9
sources:
            
            
            BID: 61610 // 
            
            
            
            CNNVD: CNNVD-201308-055

SOURCES
db:CNVDid:CNVD-2013-11755
db:VULHUBid:VHN-56320
db:BIDid:61610
db:JVNDBid:JVNDB-2013-003711
db:CNNVDid:CNNVD-201308-055
db:NVDid:CVE-2012-3039

LAST UPDATE DATE
2025-04-11T23:15:25.807000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-11755date:2013-08-09T00:00:00
db:VULHUBid:VHN-56320date:2013-08-12T00:00:00
db:BIDid:61610date:2013-08-05T00:00:00
db:JVNDBid:JVNDB-2013-003711date:2013-08-13T00:00:00
db:CNNVDid:CNNVD-201308-055date:2013-08-06T00:00:00
db:NVDid:CVE-2012-3039date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:CNVDid:CNVD-2013-11755date:2013-08-08T00:00:00
db:VULHUBid:VHN-56320date:2013-08-09T00:00:00
db:BIDid:61610date:2013-08-05T00:00:00
db:JVNDBid:JVNDB-2013-003711date:2013-08-13T00:00:00
db:CNNVDid:CNNVD-201308-055date:2013-08-06T00:00:00
db:NVDid:CVE-2012-3039date:2013-08-09T23:55:02.427