Details of VAR-201603-0047

ID

VAR-201603-0047

CVE

CVE-2016-2283

TITLE

Moxa ioLogik E2200 Device and ioAdmin Configuration Utility Vulnerabilities in which related plaintext is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2016-001694

DESCRIPTION

Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt data, which makes it easier for remote attackers to obtain the associated cleartext via unspecified vectors. Moxa's ioLogik E2200 and ioAdmin Configuration Utility are products of Moxa. The former is an Ethernet RTU (Remote Terminal Control System) controller, which is a set of software for managing and configuring the ioLogik E2200. A security vulnerability exists in Moxa's ioLogik E2200 version prior to 3.12 and earlier versions of ioAdmin Configuration Utility 3.18. The vulnerability stems from a program failing to encrypt data. Moxa ioLogik E2210 is a smart Ethernet I / O product from Moxa. There is a security vulnerability in Moxa ioLogik E2210. Attackers can use this vulnerability to obtain sensitive information and unauthorized access rights, implement replay attacks, and perform unauthorized operations. This may aid in further attacks

Trust: 3.24

sources: NVD: CVE-2016-2283 // JVNDB: JVNDB-2016-001694 // CNVD: CNVD-2016-01475 // CNNVD: CNNVD-201508-383 // BID: 76330 // IVD: 5f0bbe0c-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-91102

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 5f0bbe0c-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-01475

AFFECTED PRODUCTS

vendor:	moxa	model:	ioadmin	scope:	lte	version:	3.17	Trust: 1.0
vendor:	moxa	model:	iologik	scope:	lte	version:	3.11	Trust: 1.0
vendor:	moxa	model:	ioadmin	scope:	lt	version:	3.18	Trust: 0.8
vendor:	moxa	model:	iologik e2210	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e2210-t	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e2212	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e2212-t	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e2214	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e2214-t	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e2240	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e2240-t	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e2242	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e2242-t	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e2260	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e2260-t	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e2262	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik e2262-t	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	iologik	scope:	lt	version:	3.12	Trust: 0.8
vendor:	moxa	model:	iologik e2200	scope:	lt	version:	3.12	Trust: 0.6
vendor:	moxa	model:	ioadmin configuration utility	scope:	lt	version:	3.18	Trust: 0.6
vendor:	moxa	model:	iologik	scope:	eq	version:	3.11	Trust: 0.6
vendor:	moxa	model:	ioadmin	scope:	eq	version:	3.17	Trust: 0.6
vendor:	ioadmin	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	iologik	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 5f0bbe0c-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-01475 // JVNDB: JVNDB-2016-001694 // CNNVD: CNNVD-201603-029 // NVD: CVE-2016-2283

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-2283
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-2283
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2016-01475
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201603-029
value:	MEDIUM
Trust: 0.6
IVD:	5f0bbe0c-2351-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-91102
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-2283
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-01475
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	5f0bbe0c-2351-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-91102
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-2283
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.0

sources: IVD: 5f0bbe0c-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-01475 // VULHUB: VHN-91102 // JVNDB: JVNDB-2016-001694 // CNNVD: CNNVD-201603-029 // NVD: CVE-2016-2283

PROBLEMTYPE DATA

problemtype:

CWE-255

Trust: 1.9

sources: VULHUB: VHN-91102 // JVNDB: JVNDB-2016-001694 // NVD: CVE-2016-2283

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201603-029

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201603-029

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001694

PATCH

title:	トップページ	url:	http://japan.moxa.com/	Trust: 0.8
title:	Patch for Moxa ioLogik E2200 and ioAdmin Configuration Utility Information Disclosure Vulnerability (CNVD-2016-01475)	url:	https://www.cnvd.org.cn/patchInfo/show/72312	Trust: 0.6
title:	Moxa ioLogik E2200 and ioAdmin Configuration Utility Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60390	Trust: 0.6

sources: CNVD: CNVD-2016-01475 // JVNDB: JVNDB-2016-001694 // CNNVD: CNNVD-201603-029

EXTERNAL IDS

db:	NVD	id:	CVE-2016-2283	Trust: 3.6
db:	ICS CERT	id:	ICSA-16-063-01	Trust: 3.4
db:	CNNVD	id:	CNNVD-201603-029	Trust: 0.9
db:	BID	id:	76330	Trust: 0.9
db:	CNVD	id:	CNVD-2016-01475	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-001694	Trust: 0.8
db:	CNNVD	id:	CNNVD-201508-383	Trust: 0.6
db:	ICS CERT ALERT	id:	ICS-ALERT-15-224-04	Trust: 0.3
db:	IVD	id:	5F0BBE0C-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-91102	Trust: 0.1

sources: IVD: 5f0bbe0c-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-01475 // VULHUB: VHN-91102 // BID: 76330 // JVNDB: JVNDB-2016-001694 // CNNVD: CNNVD-201508-383 // CNNVD: CNNVD-201603-029 // NVD: CVE-2016-2283

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-16-063-01	Trust: 3.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2283	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2283	Trust: 0.8
url:	http://www.securityfocus.com/bid/76330	Trust: 0.6
url:	https://ics-cert.us-cert.gov/alerts/ics-alert-15-224-04	Trust: 0.3
url:	http://store.moxa.com/a/product/iologik-e2210-series?id=m20090324001	Trust: 0.3

sources: CNVD: CNVD-2016-01475 // VULHUB: VHN-91102 // BID: 76330 // JVNDB: JVNDB-2016-001694 // CNNVD: CNNVD-201508-383 // CNNVD: CNNVD-201603-029 // NVD: CVE-2016-2283

CREDITS

Aditya K. Sood

Trust: 0.9

sources: BID: 76330 // CNNVD: CNNVD-201508-383

SOURCES

db:	IVD	id:	5f0bbe0c-2351-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2016-01475
db:	VULHUB	id:	VHN-91102
db:	BID	id:	76330
db:	JVNDB	id:	JVNDB-2016-001694
db:	CNNVD	id:	CNNVD-201508-383
db:	CNNVD	id:	CNNVD-201603-029
db:	NVD	id:	CVE-2016-2283

LAST UPDATE DATE

2025-04-12T22:58:22.383000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-01475	date:	2016-03-08T00:00:00
db:	VULHUB	id:	VHN-91102	date:	2016-03-11T00:00:00
db:	BID	id:	76330	date:	2016-07-06T13:34:00
db:	JVNDB	id:	JVNDB-2016-001694	date:	2016-03-15T00:00:00
db:	CNNVD	id:	CNNVD-201508-383	date:	2015-08-18T00:00:00
db:	CNNVD	id:	CNNVD-201603-029	date:	2021-05-20T00:00:00
db:	NVD	id:	CVE-2016-2283	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	IVD	id:	5f0bbe0c-2351-11e6-abef-000c29c66e3d	date:	2016-03-08T00:00:00
db:	CNVD	id:	CNVD-2016-01475	date:	2016-03-08T00:00:00
db:	VULHUB	id:	VHN-91102	date:	2016-03-04T00:00:00
db:	BID	id:	76330	date:	2015-08-12T00:00:00
db:	JVNDB	id:	JVNDB-2016-001694	date:	2016-03-15T00:00:00
db:	CNNVD	id:	CNNVD-201508-383	date:	2015-08-18T00:00:00
db:	CNNVD	id:	CNNVD-201603-029	date:	2016-03-04T00:00:00
db:	NVD	id:	CVE-2016-2283	date:	2016-03-04T15:59:03.343