Sign-up

ID

VAR-201512-0072


CVE

CVE-2015-6481


TITLE

Moxa OnCell Central Manager Software Arbitrary Code Execution Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2015-07813 // CNNVD: CNNVD-201511-422

DESCRIPTION

The login function in the RequestController class in Moxa OnCell Central Manager before 2.2 has a hardcoded root password, which allows remote attackers to obtain administrative access via a login session. Supplementary information : CWE Vulnerability type by CWE-798: Use of Hard-coded Credentials ( Using hard-coded credentials ) Has been identified. Authentication is not required to exploit this vulnerability.The specific flaw exists within the RequestController class. An attacker can exploit this condition to take full control of the product and achieve code execution on all managed hosts. Moxa OnCell Central Manager is a set of private IP management software from Moxa. The software supports the configuration, management, and monitoring of remote devices, etc. over a private network over a network

Trust: 4.41

sources: NVD: CVE-2015-6481 // JVNDB: JVNDB-2015-006501 // ZDI: ZDI-15-453 // CNVD: CNVD-2015-06671 // CNVD: CNVD-2015-07813 // CNNVD: CNNVD-201510-758 // BID: 76935 // IVD: 4b59405a-1e60-11e6-abef-000c29c66e3d // VULHUB: VHN-84442

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.4

sources: IVD: 4b59405a-1e60-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-06671 // CNVD: CNVD-2015-07813

AFFECTED PRODUCTS

vendor:moxamodel:oncell central managerscope:ltversion:2.2

Trust: 1.4

vendor:moxamodel:oncell central managerscope: - version: -

Trust: 1.3

vendor:moxamodel:oncell central managerscope:lteversion:2.0

Trust: 1.0

vendor:moxamodel:oncell central managerscope:eqversion:2.0

Trust: 0.6

vendor:moxamodel:oncell central managerscope:eqversion:0

Trust: 0.3

vendor:moxamodel:oncell central managerscope:neversion:2.2

Trust: 0.3

vendor:oncell central managermodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 4b59405a-1e60-11e6-abef-000c29c66e3d // ZDI: ZDI-15-453 // CNVD: CNVD-2015-06671 // CNVD: CNVD-2015-07813 // BID: 76935 // JVNDB: JVNDB-2015-006501 // CNNVD: CNNVD-201511-422 // NVD: CVE-2015-6481

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6481
value: HIGH

Trust: 1.0

NVD: CVE-2015-6481
value: HIGH

Trust: 0.8

ZDI: CVE-2015-6481
value: HIGH

Trust: 0.7

CNVD: CNVD-2015-06671
value: HIGH

Trust: 0.6

CNVD: CNVD-2015-07813
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201511-422
value: HIGH

Trust: 0.6

IVD: 4b59405a-1e60-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

VULHUB: VHN-84442
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-6481
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 2.5

CNVD: CNVD-2015-06671
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CNVD: CNVD-2015-07813
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 4b59405a-1e60-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-84442
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-6481
baseSeverity: HIGH
baseScore: 8.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 3.7
version: 3.0

Trust: 1.0

sources: IVD: 4b59405a-1e60-11e6-abef-000c29c66e3d // ZDI: ZDI-15-453 // CNVD: CNVD-2015-06671 // CNVD: CNVD-2015-07813 // VULHUB: VHN-84442 // JVNDB: JVNDB-2015-006501 // CNNVD: CNNVD-201511-422 // NVD: CVE-2015-6481

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2015-006501 // NVD: CVE-2015-6481

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201511-422 // CNNVD: CNNVD-201510-758

TYPE

Code injection

Trust: 0.8

sources: IVD: 4b59405a-1e60-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201510-758

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-006501

PATCH
title:OnCell Central Managerurl:http://www.moxa.com/support/sarch_result.aspx?type=soft&prod_id=3116&type_id=6
Trust: 0.8
title:This vulnerability is being disclosed publicly without a patch in accordance with the ZDI vulnerability disclosure policy on lack of vendor response.02/05/2015 - ZDI sent reports to ICS-CERT02/09/2015 - ZDI receieved an ACK and ticket # from ICS-CERT04/14/2015 - ZDI recieved an update from ICS-CERT that these cases were in work, but "months out"04/15/2015 - ZDI reminded ISC-CERT of the prediacted disclosure date, but indicated some flexibility if the vendor could come close05/14/2015 - ICS-CERT advised ZDI that the vendor could not patch until August05/14/2015 - ZDI agreed to go out to August 509/14/2015 - After getting a response that other Moxa cases had patched, but seemingly not these, ZDI asked ICS-CERT if these did not patch with the August 27 patch09/15/2015 - ICS-CERT indicated that they would reach out to the vendor for clarification and requested extension to do so.  ZDI declined an extension, but indicated we "will wait a couple of days, for a status."09/18/2015 - ZDI notified ICS-CERT of the intent to 0-day the reports-- Mitigation:Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service to trusted machines. Only the clients and servers that have a legitimate procedural relationship with the service should be permitted to communicate with it. This could be accomplished in a number of ways, most notably with firewall rules/whitelisting. These features are available in the native Windows Firewall, as described in  and numerous other Microsoft Knowledge Base articles.-- Vendor Patch:See https://ics-cert.us-cert.gov/advisories/ICSA-15-328-01url:http://technet.microsoft.com/en-us/library/cc725770%28WS.10%29.aspx
Trust: 0.7
title:Patch for Moxa OnCell Central Manager Software Arbitrary Code Execution Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/67227
Trust: 0.6
title:Moxa OnCell Central Manager Software Fixes for arbitrary code execution vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58857
Trust: 0.6
sources:
            
            
            ZDI: ZDI-15-453 // 
            
            
            
            CNVD: CNVD-2015-07813 // 
            
            
            
            JVNDB: JVNDB-2015-006501 // 
            
            
            
            CNNVD: CNNVD-201511-422

EXTERNAL IDS
db:NVDid:CVE-2015-6481
Trust: 4.3
db:ICS CERTid:ICSA-15-328-01
Trust: 3.4
db:ZDIid:ZDI-15-453
Trust: 3.3
db:BIDid:76935
Trust: 1.6
db:CNNVDid:CNNVD-201511-422
Trust: 0.9
db:CNVDid:CNVD-2015-06671
Trust: 0.8
db:JVNDBid:JVNDB-2015-006501
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-2529
Trust: 0.7
db:CNVDid:CNVD-2015-07813
Trust: 0.6
db:CNNVDid:CNNVD-201510-758
Trust: 0.6
db:IVDid:4B59405A-1E60-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:SEEBUGid:SSVID-89938
Trust: 0.1
db:VULHUBid:VHN-84442
Trust: 0.1
sources:
            
            
            IVD: 4b59405a-1e60-11e6-abef-000c29c66e3d // 
            
            
            
            ZDI: ZDI-15-453 // 
            
            
            
            CNVD: CNVD-2015-06671 // 
            
            
            
            CNVD: CNVD-2015-07813 // 
            
            
            
            VULHUB: VHN-84442 // 
            
            
            
            BID: 76935 // 
            
            
            
            JVNDB: JVNDB-2015-006501 // 
            
            
            
            CNNVD: CNNVD-201511-422 // 
            
            
            
            CNNVD: CNNVD-201510-758 // 
            
            
            
            NVD: CVE-2015-6481

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-15-328-01
Trust: 4.1
url:http://zerodayinitiative.com/advisories/zdi-15-453/
Trust: 1.7
url:http://www.zerodayinitiative.com/advisories/zdi-15-453/
Trust: 0.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6481
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6481
Trust: 0.8
url:http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx
Trust: 0.7
url:http://www.securityfocus.com/bid/76935
Trust: 0.6
url:http://www.moxa.com/product/vport_sdk.htm
Trust: 0.3
sources:
            
            
            ZDI: ZDI-15-453 // 
            
            
            
            CNVD: CNVD-2015-06671 // 
            
            
            
            CNVD: CNVD-2015-07813 // 
            
            
            
            VULHUB: VHN-84442 // 
            
            
            
            BID: 76935 // 
            
            
            
            JVNDB: JVNDB-2015-006501 // 
            
            
            
            CNNVD: CNNVD-201511-422 // 
            
            
            
            CNNVD: CNNVD-201510-758 // 
            
            
            
            NVD: CVE-2015-6481

CREDITS
Andrea Micalizzi (rgod)
Trust: 1.6
sources:
            
            
            ZDI: ZDI-15-453 // 
            
            
            
            BID: 76935 // 
            
            
            
            CNNVD: CNNVD-201510-758

SOURCES
db:IVDid:4b59405a-1e60-11e6-abef-000c29c66e3d
db:ZDIid:ZDI-15-453
db:CNVDid:CNVD-2015-06671
db:CNVDid:CNVD-2015-07813
db:VULHUBid:VHN-84442
db:BIDid:76935
db:JVNDBid:JVNDB-2015-006501
db:CNNVDid:CNNVD-201511-422
db:CNNVDid:CNNVD-201510-758
db:NVDid:CVE-2015-6481

LAST UPDATE DATE
2025-04-13T23:26:40.340000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-15-453date:2015-09-29T00:00:00
db:CNVDid:CNVD-2015-06671date:2015-10-22T00:00:00
db:CNVDid:CNVD-2015-07813date:2015-11-27T00:00:00
db:VULHUBid:VHN-84442date:2015-12-22T00:00:00
db:BIDid:76935date:2015-12-08T22:15:00
db:JVNDBid:JVNDB-2015-006501date:2015-12-24T00:00:00
db:CNNVDid:CNNVD-201511-422date:2015-12-22T00:00:00
db:CNNVDid:CNNVD-201510-758date:2015-10-30T00:00:00
db:NVDid:CVE-2015-6481date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:IVDid:4b59405a-1e60-11e6-abef-000c29c66e3ddate:2015-10-20T00:00:00
db:ZDIid:ZDI-15-453date:2015-09-29T00:00:00
db:CNVDid:CNVD-2015-06671date:2015-10-20T00:00:00
db:CNVDid:CNVD-2015-07813date:2015-11-27T00:00:00
db:VULHUBid:VHN-84442date:2015-12-21T00:00:00
db:BIDid:76935date:2015-09-29T00:00:00
db:JVNDBid:JVNDB-2015-006501date:2015-12-24T00:00:00
db:CNNVDid:CNNVD-201511-422date:2015-11-25T00:00:00
db:CNNVDid:CNNVD-201510-758date:2015-09-29T00:00:00
db:NVDid:CVE-2015-6481date:2015-12-21T11:59:06.080