ID

VAR-201702-0847


CVE

CVE-2016-9344


TITLE

Moxa MiiNePort Session Hijacking Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2016-12354 // CNNVD: CNNVD-201612-235

DESCRIPTION

An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute-force an active session cookie and use it to download configuration files. Moxa MiiNePort is an embedded device networking module designed by Moxa for manufacturers to connect serial devices to the network. Moxa MiiNePort contains security vulnerabilities. Multiple Moxa MiiNePort products are prone to an information-disclosure vulnerability and a security-bypass vulnerability. Successful attacks can allow an attacker to obtain sensitive information or bypass certain security restrictions.

Trust: 2.52

sources: NVD: CVE-2016-9344 // JVNDB: JVNDB-2016-007683 // CNVD: CNVD-2016-12354 // BID: 94783 // VULHUB: VHN-98164

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-12354

AFFECTED PRODUCTS

vendor: moxa, model: miineport e2, scope: lte, version: 1.3

Trust: 1.0

vendor: moxa, model: miineport e3, scope: lte, version: 1.0

Trust: 1.0

vendor: moxa, model: miineport e1, scope: lte, version: 1.7

Trust: 1.0

vendor: moxa, model: miineport e3, scope: eq, version: 1.0

Trust: 0.9

vendor: moxa, model: miineport e1, scope: -, version: -

Trust: 0.8

vendor: moxa, model: miineport e1, scope: lt, version: 1.8

Trust: 0.8

vendor: moxa, model: miineport e2, scope: -, version: -

Trust: 0.8

vendor: moxa, model: miineport e2, scope: lt, version: 1.4

Trust: 0.8

vendor: moxa, model: miineport e3, scope: -, version: -

Trust: 0.8

vendor: moxa, model: miineport e3, scope: lt, version: 1.1

Trust: 0.8

vendor: moxa, model: miineport, scope: -, version: -

Trust: 0.6

vendor: moxa, model: miineport e2, scope: eq, version: 1.3

Trust: 0.6

vendor: moxa, model: miineport e1, scope: eq, version: 1.7

Trust: 0.6

vendor: moxa, model: miineport e2, scope: eq, version: 1.0

Trust: 0.3

vendor: moxa, model: miineport e1, scope: eq, version: 1.0

Trust: 0.3

vendor: moxa, model: miineport e3, scope: ne, version: 1.1

Trust: 0.3

vendor: moxa, model: miineport e2, scope: ne, version: 1.4

Trust: 0.3

vendor: moxa, model: miineport e1, scope: ne, version: 1.8

Trust: 0.3

sources: CNVD: CNVD-2016-12354 // BID: 94783 // JVNDB: JVNDB-2016-007683 // CNNVD: CNNVD-201612-235 // NVD: CVE-2016-9344

CVSS

SEVERITY

nvd@nist.gov: CVE-2016-9344
value: HIGH

Trust: 1.0

NVD: CVE-2016-9344
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-12354
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201612-235
value: MEDIUM

Trust: 0.6

VULHUB: VHN-98164
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2016-9344
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-12354
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-98164
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2016-9344
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-12354 // VULHUB: VHN-98164 // JVNDB: JVNDB-2016-007683 // CNNVD: CNNVD-201612-235 // NVD: CVE-2016-9344

PROBLEMTYPE DATA

problemtype: CWE-532

Trust: 1.9

sources: VULHUB: VHN-98164 // JVNDB: JVNDB-2016-007683 // NVD: CVE-2016-9344

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201612-235

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201612-235

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007683

PATCH

title: Serial-to-Ethernet Module, url: http://japan.moxa.com/product/Serial_to_Ethernet_embedded_Device_server.htm

Trust: 0.8

title: Patch for Moxa MiiNePort Session Hijacking Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/85874

Trust: 0.6

title: Moxa MiiNePort Repair measures for session hijacking vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66272

Trust: 0.6

sources: CNVD: CNVD-2016-12354 // JVNDB: JVNDB-2016-007683 // CNNVD: CNNVD-201612-235

EXTERNAL IDS

db: NVD, id: CVE-2016-9344

Trust: 3.4

db: ICS CERT, id: ICSA-16-343-01

Trust: 3.4

db: BID, id: 94783

Trust: 2.0

db: JVNDB, id: JVNDB-2016-007683

Trust: 0.8

db: CNNVD, id: CNNVD-201612-235

Trust: 0.7

db: CNVD, id: CNVD-2016-12354

Trust: 0.6

db: VULHUB, id: VHN-98164

Trust: 0.1

Trust: 0.1

sources: CNVD: CNVD-2016-12354 // VULHUB: VHN-98164 // BID: 94783 // JVNDB: JVNDB-2016-007683 // CNNVD: CNNVD-201612-235 // NVD: CVE-2016-9344

REFERENCES

url: https://ics-cert.us-cert.gov/advisories/icsa-16-343-01

Trust: 3.4

url: http://www.securityfocus.com/bid/94783

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9344

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9344

Trust: 0.8

url: http://www.moxa.com/

Trust: 0.3

sources: CNVD: CNVD-2016-12354 // VULHUB: VHN-98164 // BID: 94783 // JVNDB: JVNDB-2016-007683 // CNNVD: CNNVD-201612-235 // NVD: CVE-2016-9344

CREDITS

Aditya Sood

Trust: 0.3

sources: BID: 94783

SOURCES

db: CNVD, id: CNVD-2016-12354
db: VULHUB, id: VHN-98164
db: BID, id: 94783
db: JVNDB, id: JVNDB-2016-007683
db: CNNVD, id: CNNVD-201612-235
db: NVD, id: CVE-2016-9344

LAST UPDATE DATE

2025-04-20T23:26:09.689000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2016-12354, date: 2016-12-15T00:00:00
db: VULHUB, id: VHN-98164, date: 2017-02-23T00:00:00
db: BID, id: 94783, date: 2016-12-20T01:08:00
db: JVNDB, id: JVNDB-2016-007683, date: 2017-03-10T00:00:00
db: CNNVD, id: CNNVD-201612-235, date: 2016-12-09T00:00:00
db: NVD, id: CVE-2016-9344, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2016-12354, date: 2016-12-15T00:00:00
db: VULHUB, id: VHN-98164, date: 2017-02-13T00:00:00
db: BID, id: 94783, date: 2016-12-08T00:00:00
db: JVNDB, id: JVNDB-2016-007683, date: 2017-03-10T00:00:00
db: CNNVD, id: CNNVD-201612-235, date: 2016-12-09T00:00:00
db: NVD, id: CVE-2016-9344, date: 2017-02-13T21:59:01.720