Details of VAR-201702-0072

ID

VAR-201702-0072

CVE

CVE-2016-8363

TITLE

plural Moxa OnCell Any on the server in series products OS Command execution vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-007997

DESCRIPTION

An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series, and AWK-5222/6222 Series. User is able to execute arbitrary OS commands on the server. MOXAOnCell is an industrial grade IP gateway product. Moxa OnCellG3470A-LTE etc

Trust: 2.61

sources: NVD: CVE-2016-8363 // JVNDB: JVNDB-2016-007997 // CNVD: CNVD-2016-10730 // BID: 94092 // VULHUB: VHN-97183 // VULMON: CVE-2016-8363

IOT TAXONOMY

category:

['ICS', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-10730

AFFECTED PRODUCTS

vendor:	moxa	model:	oncellg3470a-lte	scope:	-	version:	-	Trust: 1.4
vendor:	moxa	model:	awk-3131a	scope:	lte	version:	10-31-2016	Trust: 1.0
vendor:	moxa	model:	awk-3191	scope:	lte	version:	05-30-2017	Trust: 1.0
vendor:	moxa	model:	wac-1001 v2	scope:	lte	version:	06-29-2017	Trust: 1.0
vendor:	moxa	model:	awk-1131a	scope:	lte	version:	10-31-2016	Trust: 1.0
vendor:	moxa	model:	awk-1121	scope:	lte	version:	06-29-2017	Trust: 1.0
vendor:	moxa	model:	awk-5232-m12-rcc	scope:	lte	version:	06-29-2017	Trust: 1.0
vendor:	moxa	model:	awk-1127	scope:	lte	version:	06-29-2017	Trust: 1.0
vendor:	moxa	model:	wac-2004	scope:	lte	version:	06-29-2017	Trust: 1.0
vendor:	moxa	model:	awk-4131a	scope:	lte	version:	10-31-2016	Trust: 1.0
vendor:	moxa	model:	oncellg3470a-lte	scope:	lte	version:	10-31-2016	Trust: 1.0
vendor:	moxa	model:	awk-5232	scope:	lte	version:	05-30-2017	Trust: 1.0
vendor:	moxa	model:	awk-3131-m12-rcc	scope:	lte	version:	06-29-2017	Trust: 1.0
vendor:	moxa	model:	awk-6232	scope:	lte	version:	05-30-2017	Trust: 1.0
vendor:	moxa	model:	awk-3121-m12-rtg	scope:	lte	version:	06-29-2017	Trust: 1.0
vendor:	moxa	model:	awk-1121	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	awk-1127	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	awk-1131a	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	awk-3121-m12-rtg	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	awk-3131-m12-rcc	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	awk-3131a	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	awk-3191	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	awk-4131a	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	awk-5232	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	awk-5232-m12-rcc	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	awk-6232	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	wac-1001 v2	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	wac-2004	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	awk-5222/6222 series	scope:	-	version:	-	Trust: 0.6
vendor:	moxa	model:	awk-3131/4131 series	scope:	-	version:	-	Trust: 0.6
vendor:	moxa	model:	awk-3121/4121 series	scope:	-	version:	-	Trust: 0.6
vendor:	moxa	model:	tap-6226 series	scope:	-	version:	-	Trust: 0.6
vendor:	moxa	model:	awk-5232-m12-rcc series	scope:	-	version:	-	Trust: 0.6
vendor:	moxa	model:	awk-3131-m12-rcc series	scope:	-	version:	-	Trust: 0.6
vendor:	moxa	model:	awk-3121-m12-rtg series	scope:	-	version:	-	Trust: 0.6
vendor:	moxa	model:	wac-2004 series	scope:	-	version:	-	Trust: 0.6
vendor:	moxa	model:	wac-1001 series	scope:	eq	version:	v2	Trust: 0.6
vendor:	moxa	model:	awk-1121/1127 series	scope:	-	version:	-	Trust: 0.6
vendor:	moxa	model:	awk-5232/6232 series	scope:	-	version:	-	Trust: 0.6
vendor:	moxa	model:	awk-3191 series	scope:	-	version:	-	Trust: 0.6
vendor:	moxa	model:	awk-1131a	scope:	eq	version:	10-31-2016	Trust: 0.6
vendor:	moxa	model:	awk-6232	scope:	eq	version:	05-30-2017	Trust: 0.6
vendor:	moxa	model:	awk-3121-m12-rtg	scope:	eq	version:	06-29-2017	Trust: 0.6
vendor:	moxa	model:	awk-5232	scope:	eq	version:	05-30-2017	Trust: 0.6
vendor:	moxa	model:	awk-5232-m12-rcc	scope:	eq	version:	06-29-2017	Trust: 0.6
vendor:	moxa	model:	wac-1001 v2	scope:	eq	version:	06-29-2017	Trust: 0.6
vendor:	moxa	model:	awk-1121	scope:	eq	version:	06-29-2017	Trust: 0.6
vendor:	moxa	model:	wac-2004	scope:	eq	version:	06-29-2017	Trust: 0.6
vendor:	moxa	model:	awk-1127	scope:	eq	version:	06-29-2017	Trust: 0.6
vendor:	moxa	model:	awk-3131-m12-rcc	scope:	eq	version:	06-29-2017	Trust: 0.6
vendor:	moxa	model:	wac-2004	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	wac-1001	scope:	eq	version:	v20	Trust: 0.3
vendor:	moxa	model:	tap-6226	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	oncellg3470a-lte	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	awk-6232	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	awk-6222	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	awk-5232-m12-rcc	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	awk-5232	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	awk-5222	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	awk-4131a	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	awk-4131	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	awk-4121	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	awk-3191	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	awk-3131a	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	awk-3131-m12-rcc	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	awk-3131	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	awk-3121-m12-rtg	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	awk-3121	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	awk-1131a	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	awk-1127	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	awk-1121	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2016-10730 // BID: 94092 // JVNDB: JVNDB-2016-007997 // CNNVD: CNNVD-201611-109 // NVD: CVE-2016-8363

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-8363
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2016-8363
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2016-10730
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201611-109
value:	HIGH
Trust: 0.6
VULHUB:	VHN-97183
value:	HIGH
Trust: 0.1
VULMON:	CVE-2016-8363
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-8363
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2016-10730
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-97183
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-8363
baseSeverity:	CRITICAL
baseScore:	10.0
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	6.0
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2016-10730 // VULHUB: VHN-97183 // VULMON: CVE-2016-8363 // JVNDB: JVNDB-2016-007997 // CNNVD: CNNVD-201611-109 // NVD: CVE-2016-8363

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-97183 // JVNDB: JVNDB-2016-007997 // NVD: CVE-2016-8363

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201611-109

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201611-109

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007997

PATCH

title:	Top Page	url:	http://www.moxa.com/	Trust: 0.8
title:	MoxaOnCellSeries product OS command execution vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/83629	Trust: 0.6
title:	Moxa OnCell Repair measures for operating system command execution vulnerabilities in series products	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65482	Trust: 0.6
title:	Moxa OnCell Repair measures for operating system command execution vulnerabilities in series products	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65335	Trust: 0.6

sources: CNVD: CNVD-2016-10730 // JVNDB: JVNDB-2016-007997 // CNNVD: CNNVD-201611-109

EXTERNAL IDS

db:	NVD	id:	CVE-2016-8363	Trust: 3.5
db:	ICS CERT	id:	ICSA-16-308-01	Trust: 3.5
db:	BID	id:	94092	Trust: 2.7
db:	JVNDB	id:	JVNDB-2016-007997	Trust: 0.8
db:	CNNVD	id:	CNNVD-201611-109	Trust: 0.7
db:	CNVD	id:	CNVD-2016-10730	Trust: 0.6
db:	VULHUB	id:	VHN-97183	Trust: 0.1
db:	VULMON	id:	CVE-2016-8363	Trust: 0.1

sources: CNVD: CNVD-2016-10730 // VULHUB: VHN-97183 // VULMON: CVE-2016-8363 // BID: 94092 // JVNDB: JVNDB-2016-007997 // CNNVD: CNNVD-201611-109 // NVD: CVE-2016-8363

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-16-308-01	Trust: 3.6
url:	http://www.securityfocus.com/bid/94092	Trust: 2.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8363	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-8363	Trust: 0.8
url:	http://www.moxa.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/264.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2016-10730 // VULHUB: VHN-97183 // VULMON: CVE-2016-8363 // BID: 94092 // JVNDB: JVNDB-2016-007997 // CNNVD: CNNVD-201611-109 // NVD: CVE-2016-8363

CREDITS

Maxim Rupp

Trust: 0.9

sources: BID: 94092 // CNNVD: CNNVD-201611-109

SOURCES

db:	CNVD	id:	CNVD-2016-10730
db:	VULHUB	id:	VHN-97183
db:	VULMON	id:	CVE-2016-8363
db:	BID	id:	94092
db:	JVNDB	id:	JVNDB-2016-007997
db:	CNNVD	id:	CNNVD-201611-109
db:	NVD	id:	CVE-2016-8363

LAST UPDATE DATE

2025-04-20T22:59:33.743000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-10730	date:	2016-11-08T00:00:00
db:	VULHUB	id:	VHN-97183	date:	2017-03-16T00:00:00
db:	VULMON	id:	CVE-2016-8363	date:	2017-03-16T00:00:00
db:	BID	id:	94092	date:	2016-11-24T01:07:00
db:	JVNDB	id:	JVNDB-2016-007997	date:	2017-04-06T00:00:00
db:	CNNVD	id:	CNNVD-201611-109	date:	2016-11-08T00:00:00
db:	NVD	id:	CVE-2016-8363	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-10730	date:	2016-11-08T00:00:00
db:	VULHUB	id:	VHN-97183	date:	2017-02-13T00:00:00
db:	VULMON	id:	CVE-2016-8363	date:	2017-02-13T00:00:00
db:	BID	id:	94092	date:	2016-11-03T00:00:00
db:	JVNDB	id:	JVNDB-2016-007997	date:	2017-04-06T00:00:00
db:	CNNVD	id:	CNNVD-201611-109	date:	2016-11-08T00:00:00
db:	NVD	id:	CVE-2016-8363	date:	2017-02-13T21:59:01.080