Details of VAR-201603-0046

ID

VAR-201603-0046

CVE

CVE-2016-2282

TITLE

Moxa ioLogik E2200 Device and ioAdmin Configuration Utility Vulnerabilities in which related plaintext is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2016-001695

DESCRIPTION

Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt credentials, which makes it easier for remote attackers to obtain the associated cleartext via unspecified vectors. Moxa's ioLogik E2200 and ioAdmin Configuration Utility are products of Moxa. The former is an Ethernet RTU (Remote Terminal Control System) controller, which is a set of software for managing and configuring the ioLogik E2200. A security vulnerability exists in Moxa's ioLogik E2200 version prior to 3.12 and in versions prior to ioAdmin Configuration Utility 3.18. The vulnerability stems from the program failing to encrypt the certificate. A remote attacker can exploit this vulnerability to obtain relevant plaintext data. Moxa ioLogik E2210 is a smart Ethernet I / O product from Moxa. There is a security vulnerability in Moxa ioLogik E2210. Attackers can use this vulnerability to obtain sensitive information and unauthorized access rights, implement replay attacks, and perform unauthorized operations. This may aid in further attacks

Trust: 3.24

sources: NVD: CVE-2016-2282 // JVNDB: JVNDB-2016-001695 // CNVD: CNVD-2016-01474 // CNNVD: CNNVD-201508-383 // BID: 76330 // IVD: 5f0a9b4e-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-91101

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 5f0a9b4e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-01474

AFFECTED PRODUCTS

vendor:	moxa	model:	ioadmin	scope:	lte	version:	3.17	Trust: 1.0
vendor:	moxa	model:	iologik	scope:	lte	version:	3.11	Trust: 1.0
vendor:	moxa	model:	ioadmin	scope:	lt	version:	3.18	Trust: 0.8
vendor:	moxa	model:	iologik e2210	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e2210-t	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e2212	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e2212-t	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e2214	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e2214-t	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e2240	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e2240-t	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e2242	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e2242-t	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e2260	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e2260-t	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e2262	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e2262-t	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik	scope:	lt	version:	3.12	Trust: 0.8
vendor:	moxa	model:	iologik e2200	scope:	lt	version:	3.12	Trust: 0.6
vendor:	moxa	model:	ioadmin configuration utility	scope:	lt	version:	3.18	Trust: 0.6
vendor:	moxa	model:	iologik	scope:	eq	version:	3.11	Trust: 0.6
vendor:	moxa	model:	ioadmin	scope:	eq	version:	3.17	Trust: 0.6
vendor:	ioadmin	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	iologik	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 5f0a9b4e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-01474 // JVNDB: JVNDB-2016-001695 // CNNVD: CNNVD-201603-030 // NVD: CVE-2016-2282

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-2282
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-2282
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2016-01474
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201603-030
value:	MEDIUM
Trust: 0.6
IVD:	5f0a9b4e-2351-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-91101
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-2282
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-01474
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	5f0a9b4e-2351-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-91101
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-2282
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.0

sources: IVD: 5f0a9b4e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-01474 // VULHUB: VHN-91101 // JVNDB: JVNDB-2016-001695 // CNNVD: CNNVD-201603-030 // NVD: CVE-2016-2282

PROBLEMTYPE DATA

problemtype:

CWE-255

Trust: 1.9

sources: VULHUB: VHN-91101 // JVNDB: JVNDB-2016-001695 // NVD: CVE-2016-2282

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201603-030

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201603-030

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001695

PATCH

title:	トップページ	url:	http://japan.moxa.com/	Trust: 0.8
title:	Moxa ioLogik E2200 and ioAdmin Configuration Utility information disclosure vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/72311	Trust: 0.6
title:	Moxa ioLogik E2200 and ioAdmin Configuration Utility Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60391	Trust: 0.6

sources: CNVD: CNVD-2016-01474 // JVNDB: JVNDB-2016-001695 // CNNVD: CNNVD-201603-030

EXTERNAL IDS

db:	NVD	id:	CVE-2016-2282	Trust: 3.6
db:	ICS CERT	id:	ICSA-16-063-01	Trust: 3.4
db:	CNNVD	id:	CNNVD-201603-030	Trust: 0.9
db:	BID	id:	76330	Trust: 0.9
db:	CNVD	id:	CNVD-2016-01474	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-001695	Trust: 0.8
db:	CNNVD	id:	CNNVD-201508-383	Trust: 0.6
db:	ICS CERT ALERT	id:	ICS-ALERT-15-224-04	Trust: 0.3
db:	IVD	id:	5F0A9B4E-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-91101	Trust: 0.1

sources: IVD: 5f0a9b4e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-01474 // VULHUB: VHN-91101 // BID: 76330 // JVNDB: JVNDB-2016-001695 // CNNVD: CNNVD-201508-383 // CNNVD: CNNVD-201603-030 // NVD: CVE-2016-2282

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-16-063-01	Trust: 3.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2282	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2282	Trust: 0.8
url:	http://www.securityfocus.com/bid/76330	Trust: 0.6
url:	https://ics-cert.us-cert.gov/alerts/ics-alert-15-224-04	Trust: 0.3
url:	http://store.moxa.com/a/product/iologik-e2210-series?id=m20090324001	Trust: 0.3

sources: CNVD: CNVD-2016-01474 // VULHUB: VHN-91101 // BID: 76330 // JVNDB: JVNDB-2016-001695 // CNNVD: CNNVD-201508-383 // CNNVD: CNNVD-201603-030 // NVD: CVE-2016-2282

CREDITS

Aditya K. Sood

Trust: 0.9

sources: BID: 76330 // CNNVD: CNNVD-201508-383

SOURCES

db:	IVD	id:	5f0a9b4e-2351-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2016-01474
db:	VULHUB	id:	VHN-91101
db:	BID	id:	76330
db:	JVNDB	id:	JVNDB-2016-001695
db:	CNNVD	id:	CNNVD-201508-383
db:	CNNVD	id:	CNNVD-201603-030
db:	NVD	id:	CVE-2016-2282

LAST UPDATE DATE

2025-04-12T22:58:22.340000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-01474	date:	2016-03-08T00:00:00
db:	VULHUB	id:	VHN-91101	date:	2016-03-14T00:00:00
db:	BID	id:	76330	date:	2016-07-06T13:34:00
db:	JVNDB	id:	JVNDB-2016-001695	date:	2016-03-15T00:00:00
db:	CNNVD	id:	CNNVD-201508-383	date:	2015-08-18T00:00:00
db:	CNNVD	id:	CNNVD-201603-030	date:	2021-05-20T00:00:00
db:	NVD	id:	CVE-2016-2282	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	IVD	id:	5f0a9b4e-2351-11e6-abef-000c29c66e3d	date:	2016-03-08T00:00:00
db:	CNVD	id:	CNVD-2016-01474	date:	2016-03-08T00:00:00
db:	VULHUB	id:	VHN-91101	date:	2016-03-04T00:00:00
db:	BID	id:	76330	date:	2015-08-12T00:00:00
db:	JVNDB	id:	JVNDB-2016-001695	date:	2016-03-15T00:00:00
db:	CNNVD	id:	CNNVD-201508-383	date:	2015-08-18T00:00:00
db:	CNNVD	id:	CNNVD-201603-030	date:	2016-03-04T00:00:00
db:	NVD	id:	CVE-2016-2282	date:	2016-03-04T15:59:02.407