Details of VAR-201608-0260

ID

VAR-201608-0260

CVE

CVE-2016-5812

TITLE

plural Moxa OnCell Vulnerabilities that capture important information on devices

Trust: 0.8

sources: JVNDB: JVNDB-2016-004450

DESCRIPTION

Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 use cleartext password storage, which makes it easier for local users to obtain sensitive information by reading a configuration file. MoxaOnCellG3100V2 and so on are Moxa's IP gateway products. Moxa OnCell is prone to local information-disclosure vulnerability. The following products are affected : Moxa OnCell G3100V2 Series, editions prior to Version 2.8. Moxa OnCell G3111/G3151/G3211/G3251 Series,editions prior to 1.7

Trust: 2.52

sources: NVD: CVE-2016-5812 // JVNDB: JVNDB-2016-004450 // CNVD: CNVD-2016-06702 // BID: 92605 // VULHUB: VHN-94631

IOT TAXONOMY

category:

['ICS', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-06702

AFFECTED PRODUCTS

vendor:	moxa	model:	oncell g3001	scope:	lte	version:	1.6	Trust: 1.0
vendor:	moxa	model:	oncell g3100v2	scope:	lte	version:	2.7	Trust: 1.0
vendor:	moxa	model:	oncell g3100v2 series	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	oncell g3100v2 series	scope:	lt	version:	2.8	Trust: 0.8
vendor:	moxa	model:	oncell g3111/g3151/g3211/g3251 series	scope:	lt	version:	1.7	Trust: 0.8
vendor:	moxa	model:	oncell g3151	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	oncell g3211	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	oncell g3251	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	oncell g3100v2	scope:	lt	version:	2.8	Trust: 0.6
vendor:	moxa	model:	oncell g3251	scope:	eq	version:	1.7	Trust: 0.6
vendor:	moxa	model:	oncell g3211	scope:	eq	version:	1.7	Trust: 0.6
vendor:	moxa	model:	oncell g3111	scope:	eq	version:	1.7	Trust: 0.6
vendor:	moxa	model:	oncell g3151	scope:	eq	version:	1.7	Trust: 0.6
vendor:	moxa	model:	oncell g3001	scope:	eq	version:	1.6	Trust: 0.6
vendor:	moxa	model:	oncell g3100v2	scope:	eq	version:	2.7	Trust: 0.6
vendor:	moxa	model:	oncell g3251	scope:	eq	version:	1.6	Trust: 0.3
vendor:	moxa	model:	oncell g3251	scope:	eq	version:	1.4	Trust: 0.3
vendor:	moxa	model:	oncell g3211	scope:	eq	version:	1.6	Trust: 0.3
vendor:	moxa	model:	oncell g3211	scope:	eq	version:	1.4	Trust: 0.3
vendor:	moxa	model:	oncell g3151	scope:	eq	version:	1.6	Trust: 0.3
vendor:	moxa	model:	oncell g3151	scope:	eq	version:	1.4	Trust: 0.3
vendor:	moxa	model:	oncell g3111	scope:	eq	version:	1.6	Trust: 0.3
vendor:	moxa	model:	oncell g3111	scope:	eq	version:	1.4	Trust: 0.3
vendor:	moxa	model:	oncell g3100v2	scope:	eq	version:	2.6	Trust: 0.3
vendor:	moxa	model:	oncell g3251	scope:	ne	version:	1.7	Trust: 0.3
vendor:	moxa	model:	oncell g3211	scope:	ne	version:	1.7	Trust: 0.3
vendor:	moxa	model:	oncell g3151	scope:	ne	version:	1.7	Trust: 0.3
vendor:	moxa	model:	oncell g3111	scope:	ne	version:	1.7	Trust: 0.3
vendor:	moxa	model:	oncell g3100v2	scope:	ne	version:	2.8	Trust: 0.3

sources: CNVD: CNVD-2016-06702 // BID: 92605 // JVNDB: JVNDB-2016-004450 // CNNVD: CNNVD-201608-429 // NVD: CVE-2016-5812

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-5812
value:	LOW
Trust: 1.0
NVD:	CVE-2016-5812
value:	LOW
Trust: 0.8
CNVD:	CNVD-2016-06702
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201608-429
value:	LOW
Trust: 0.6
VULHUB:	VHN-94631
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2016-5812
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-06702
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-94631
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-5812
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2016-06702 // VULHUB: VHN-94631 // JVNDB: JVNDB-2016-004450 // CNNVD: CNNVD-201608-429 // NVD: CVE-2016-5812

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-94631 // JVNDB: JVNDB-2016-004450 // NVD: CVE-2016-5812

THREAT TYPE

local

Trust: 0.9

sources: BID: 92605 // CNNVD: CNNVD-201608-429

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201608-429

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004450

PATCH

title:	Firmware for OnCell G3100V2 Series	url:	http://www.moxa.com/support/sarch_result.aspx?type=soft&prod_id=416&type_id=4	Trust: 0.8
title:	Firmware for OnCell G3111/G3151/G3211/G3251 Series	url:	http://www.moxa.com/support/sarch_result.aspx?type=soft&prod_id=316&type_id=4	Trust: 0.8
title:	Patches for multiple Moxa product information disclosure vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/80730	Trust: 0.6
title:	Multiple Moxa Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63755	Trust: 0.6

sources: CNVD: CNVD-2016-06702 // JVNDB: JVNDB-2016-004450 // CNNVD: CNNVD-201608-429

EXTERNAL IDS

db:	NVD	id:	CVE-2016-5812	Trust: 3.4
db:	ICS CERT	id:	ICSA-16-236-01	Trust: 3.4
db:	BID	id:	92605	Trust: 2.0
db:	JVNDB	id:	JVNDB-2016-004450	Trust: 0.8
db:	CNNVD	id:	CNNVD-201608-429	Trust: 0.7
db:	CNVD	id:	CNVD-2016-06702	Trust: 0.6
db:	VULHUB	id:	VHN-94631	Trust: 0.1

sources: CNVD: CNVD-2016-06702 // VULHUB: VHN-94631 // BID: 92605 // JVNDB: JVNDB-2016-004450 // CNNVD: CNNVD-201608-429 // NVD: CVE-2016-5812

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-16-236-01	Trust: 3.4
url:	http://www.securityfocus.com/bid/92605	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5812	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5812	Trust: 0.8
url:	http://www.moxa.com/support/sarch_result.aspx?type=soft&prod_id=316&type_id=4	Trust: 0.6
url:	http://www.moxa.com/support/sarch_result.aspx?type=soft&prod_id=416&type_id=4	Trust: 0.6
url:	http://www.moxa.com/	Trust: 0.3

sources: CNVD: CNVD-2016-06702 // VULHUB: VHN-94631 // BID: 92605 // JVNDB: JVNDB-2016-004450 // CNNVD: CNNVD-201608-429 // NVD: CVE-2016-5812

CREDITS

Maxim Rupp.

Trust: 0.3

sources: BID: 92605

SOURCES

db:	CNVD	id:	CNVD-2016-06702
db:	VULHUB	id:	VHN-94631
db:	BID	id:	92605
db:	JVNDB	id:	JVNDB-2016-004450
db:	CNNVD	id:	CNNVD-201608-429
db:	NVD	id:	CVE-2016-5812

LAST UPDATE DATE

2025-04-13T23:02:46.992000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-06702	date:	2016-08-25T00:00:00
db:	VULHUB	id:	VHN-94631	date:	2016-11-28T00:00:00
db:	BID	id:	92605	date:	2016-08-23T00:00:00
db:	JVNDB	id:	JVNDB-2016-004450	date:	2016-08-25T00:00:00
db:	CNNVD	id:	CNNVD-201608-429	date:	2016-08-24T00:00:00
db:	NVD	id:	CVE-2016-5812	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-06702	date:	2016-08-25T00:00:00
db:	VULHUB	id:	VHN-94631	date:	2016-08-24T00:00:00
db:	BID	id:	92605	date:	2016-08-23T00:00:00
db:	JVNDB	id:	JVNDB-2016-004450	date:	2016-08-25T00:00:00
db:	CNNVD	id:	CNNVD-201608-429	date:	2016-08-24T00:00:00
db:	NVD	id:	CVE-2016-5812	date:	2016-08-24T02:00:24.963