Sign-up

ID

VAR-201608-0259


CVE

CVE-2016-5799


TITLE

plural Moxa OnCell Vulnerability to gain access rights on devices

Trust: 0.8

sources: JVNDB: JVNDB-2016-004449

DESCRIPTION

Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 do not properly restrict authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. Supplementary information : CWE Vulnerability type by CWE-285: Improper Authorization ( Inappropriate authentication ) Has been identified. http://cwe.mitre.org/data/definitions/285.htmlRound robin by a third party (brute-force) Access may be gained through an attack. MoxaOnCellG3100V2 and so on are Moxa's IP gateway products. A remote attacker can exploit the vulnerability to gain access by exploiting a brute force attack. Moxa OnCell is prone to a remote unspecified authentication bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. The following products are vulnerable: OnCell G3100V2 Series versions prior to 2.8 are vulnerable. OnCell G3111/G3151/G3211/G3251 Series versions prior to 1.7 are vulnerable. A security vulnerability exists in several Moxa products

Trust: 2.52

sources: NVD: CVE-2016-5799 // JVNDB: JVNDB-2016-004449 // CNVD: CNVD-2016-06703 // BID: 92606 // VULHUB: VHN-94618

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-06703

AFFECTED PRODUCTS

vendor:moxamodel:oncell g3001scope:lteversion:1.6

Trust: 1.0

vendor:moxamodel:oncell g3100v2scope:lteversion:2.7

Trust: 1.0

vendor:moxamodel:oncell g3100v2 seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:oncell g3100v2 seriesscope:ltversion:2.8

Trust: 0.8

vendor:moxamodel:oncell g3111/g3151/g3211/g3251 seriesscope:ltversion:1.7

Trust: 0.8

vendor:moxamodel:oncell g3151scope: - version: -

Trust: 0.8

vendor:moxamodel:oncell g3211scope: - version: -

Trust: 0.8

vendor:moxamodel:oncell g3251scope: - version: -

Trust: 0.8

vendor:moxamodel:oncell g3100v2scope:ltversion:2.8

Trust: 0.6

vendor:moxamodel:oncell g3251scope:eqversion:1.7

Trust: 0.6

vendor:moxamodel:oncell g3211scope:eqversion:1.7

Trust: 0.6

vendor:moxamodel:oncell g3111scope:eqversion:1.7

Trust: 0.6

vendor:moxamodel:oncell g3151scope:eqversion:1.7

Trust: 0.6

vendor:moxamodel:oncell g3001scope:eqversion:1.6

Trust: 0.6

vendor:moxamodel:oncell g3100v2scope:eqversion:2.7

Trust: 0.6

vendor:moxamodel:oncell g3251scope:eqversion:1.6

Trust: 0.3

vendor:moxamodel:oncell g3251scope:eqversion:1.4

Trust: 0.3

vendor:moxamodel:oncell g3251scope:eqversion:0

Trust: 0.3

vendor:moxamodel:oncell g3211scope:eqversion:1.6

Trust: 0.3

vendor:moxamodel:oncell g3211scope:eqversion:1.4

Trust: 0.3

vendor:moxamodel:oncell g3211scope:eqversion:0

Trust: 0.3

vendor:moxamodel:oncell g3151scope:eqversion:1.6

Trust: 0.3

vendor:moxamodel:oncell g3151scope:eqversion:1.4

Trust: 0.3

vendor:moxamodel:oncell g3151scope:eqversion:0

Trust: 0.3

vendor:moxamodel:oncell g3111scope:eqversion:1.6

Trust: 0.3

vendor:moxamodel:oncell g3111scope:eqversion:1.4

Trust: 0.3

vendor:moxamodel:oncell g3111scope:eqversion:0

Trust: 0.3

vendor:moxamodel:oncell g3100v2scope:eqversion:2.6

Trust: 0.3

vendor:moxamodel:oncell g3251scope:neversion:1.7

Trust: 0.3

vendor:moxamodel:oncell g3211scope:neversion:1.7

Trust: 0.3

vendor:moxamodel:oncell g3151scope:neversion:1.7

Trust: 0.3

vendor:moxamodel:oncell g3111scope:neversion:1.7

Trust: 0.3

vendor:moxamodel:oncell g3100v2scope:neversion:2.8

Trust: 0.3

sources: CNVD: CNVD-2016-06703 // BID: 92606 // JVNDB: JVNDB-2016-004449 // CNNVD: CNNVD-201608-430 // NVD: CVE-2016-5799

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-5799
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-5799
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2016-06703
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201608-430
value: CRITICAL

Trust: 0.6

VULHUB: VHN-94618
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-5799
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-06703
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-94618
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-5799
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-06703 // VULHUB: VHN-94618 // JVNDB: JVNDB-2016-004449 // CNNVD: CNNVD-201608-430 // NVD: CVE-2016-5799

PROBLEMTYPE DATA

problemtype:CWE-285

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-94618 // JVNDB: JVNDB-2016-004449 // NVD: CVE-2016-5799

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201608-430

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201608-430

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-004449

PATCH
title:Firmware for OnCell G3100V2 Seriesurl:http://www.moxa.com/support/sarch_result.aspx?type=soft&prod_id=416&type_id=4
Trust: 0.8
title:Firmware for OnCell G3111/G3151/G3211/G3251 Seriesurl:http://www.moxa.com/support/sarch_result.aspx?type=soft&prod_id=316&type_id=4
Trust: 0.8
title:A variety of Moxa product permissions to obtain vulnerability patchesurl:https://www.cnvd.org.cn/patchInfo/show/80731
Trust: 0.6
title:Multiple Moxa Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63744
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-06703 // 
            
            
            
            JVNDB: JVNDB-2016-004449 // 
            
            
            
            CNNVD: CNNVD-201608-430

EXTERNAL IDS
db:NVDid:CVE-2016-5799
Trust: 3.4
db:ICS CERTid:ICSA-16-236-01
Trust: 3.4
db:BIDid:92606
Trust: 2.0
db:JVNDBid:JVNDB-2016-004449
Trust: 0.8
db:CNNVDid:CNNVD-201608-430
Trust: 0.7
db:CNVDid:CNVD-2016-06703
Trust: 0.6
db:VULHUBid:VHN-94618
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-06703 // 
            
            
            
            VULHUB: VHN-94618 // 
            
            
            
            BID: 92606 // 
            
            
            
            JVNDB: JVNDB-2016-004449 // 
            
            
            
            CNNVD: CNNVD-201608-430 // 
            
            
            
            NVD: CVE-2016-5799

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-16-236-01
Trust: 3.4
url:http://www.securityfocus.com/bid/92606
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5799
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5799
Trust: 0.8
url:http://www.moxa.com/support/sarch_result.aspx?type=soft&prod_id=316&type_id=4
Trust: 0.6
url:http://www.moxa.com/support/sarch_result.aspx?type=soft&prod_id=416&type_id=4
Trust: 0.6
url:http://www.moxa.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2016-06703 // 
            
            
            
            VULHUB: VHN-94618 // 
            
            
            
            BID: 92606 // 
            
            
            
            JVNDB: JVNDB-2016-004449 // 
            
            
            
            CNNVD: CNNVD-201608-430 // 
            
            
            
            NVD: CVE-2016-5799

CREDITS
Maxim Rupp.
Trust: 0.3
sources:
            
            
            BID: 92606

SOURCES
db:CNVDid:CNVD-2016-06703
db:VULHUBid:VHN-94618
db:BIDid:92606
db:JVNDBid:JVNDB-2016-004449
db:CNNVDid:CNNVD-201608-430
db:NVDid:CVE-2016-5799

LAST UPDATE DATE
2025-04-13T23:02:46.955000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-06703date:2016-08-25T00:00:00
db:VULHUBid:VHN-94618date:2016-11-28T00:00:00
db:BIDid:92606date:2016-08-23T00:00:00
db:JVNDBid:JVNDB-2016-004449date:2016-08-25T00:00:00
db:CNNVDid:CNNVD-201608-430date:2016-08-24T00:00:00
db:NVDid:CVE-2016-5799date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-06703date:2016-08-25T00:00:00
db:VULHUBid:VHN-94618date:2016-08-24T00:00:00
db:BIDid:92606date:2016-08-23T00:00:00
db:JVNDBid:JVNDB-2016-004449date:2016-08-25T00:00:00
db:CNNVDid:CNNVD-201608-430date:2016-08-24T00:00:00
db:NVDid:CVE-2016-5799date:2016-08-24T02:00:24.087