Sign-up

ID

VAR-201702-0849


CVE

CVE-2016-9346


TITLE

plural Moxa MiiNePort Product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-007684

DESCRIPTION

An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted. Moxa MiiNePort is an embedded device networking module designed by Moxa for manufacturers to connect serial devices to the network. An information disclosure vulnerability exists in Moxa MiiNePort, which originated from the program's failure to encrypt configuration data in files. An attacker could use this vulnerability to gain access to the target system. Multiple Moxa MiiNePort products are prone to an information-disclosure vulnerability and a security-bypass vulnerability. Successful attacks can allow an attacker to obtain sensitive information or bypass certain security restrictions

Trust: 2.52

sources: NVD: CVE-2016-9346 // JVNDB: JVNDB-2016-007684 // CNVD: CNVD-2016-12353 // BID: 94783 // VULHUB: VHN-98166

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-12353

AFFECTED PRODUCTS

vendor:moxamodel:miineport e2scope:lteversion:1.3

Trust: 1.0

vendor:moxamodel:miineport e3scope:lteversion:1.0

Trust: 1.0

vendor:moxamodel:miineport e1scope:lteversion:1.7

Trust: 1.0

vendor:moxamodel:miineport e3scope:eqversion:1.0

Trust: 0.9

vendor:moxamodel:miineport e1scope: - version: -

Trust: 0.8

vendor:moxamodel:miineport e1scope:ltversion:1.8

Trust: 0.8

vendor:moxamodel:miineport e2scope: - version: -

Trust: 0.8

vendor:moxamodel:miineport e2scope:ltversion:1.4

Trust: 0.8

vendor:moxamodel:miineport e3scope: - version: -

Trust: 0.8

vendor:moxamodel:miineport e3scope:ltversion:1.1

Trust: 0.8

vendor:moxamodel:miineportscope: - version: -

Trust: 0.6

vendor:moxamodel:miineport e2scope:eqversion:1.3

Trust: 0.6

vendor:moxamodel:miineport e1scope:eqversion:1.7

Trust: 0.6

vendor:moxamodel:miineport e2scope:eqversion:1.0

Trust: 0.3

vendor:moxamodel:miineport e1scope:eqversion:1.0

Trust: 0.3

vendor:moxamodel:miineport e3scope:neversion:1.1

Trust: 0.3

vendor:moxamodel:miineport e2scope:neversion:1.4

Trust: 0.3

vendor:moxamodel:miineport e1scope:neversion:1.8

Trust: 0.3

sources: CNVD: CNVD-2016-12353 // BID: 94783 // JVNDB: JVNDB-2016-007684 // CNNVD: CNNVD-201612-234 // NVD: CVE-2016-9346

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-9346
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-9346
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-12353
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201612-234
value: MEDIUM

Trust: 0.6

VULHUB: VHN-98166
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-9346
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-12353
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-98166
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-9346
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-12353 // VULHUB: VHN-98166 // JVNDB: JVNDB-2016-007684 // CNNVD: CNNVD-201612-234 // NVD: CVE-2016-9346

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

sources: VULHUB: VHN-98166 // JVNDB: JVNDB-2016-007684 // NVD: CVE-2016-9346

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201612-234

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201612-234

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-007684

PATCH
title:シリアル−イーサネット・モジュールurl:http://japan.moxa.com/product/Serial_to_Ethernet_embedded_Device_server.htm
Trust: 0.8
title:Patch for Moxa MiiNePort Information Disclosure Vulnerability (CNVD-2016-12353)url:https://www.cnvd.org.cn/patchInfo/show/85875
Trust: 0.6
title:Moxa MiiNePort Repair measures for session hijacking vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66271
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-12353 // 
            
            
            
            JVNDB: JVNDB-2016-007684 // 
            
            
            
            CNNVD: CNNVD-201612-234

EXTERNAL IDS
db:NVDid:CVE-2016-9346
Trust: 3.4
db:ICS CERTid:ICSA-16-343-01
Trust: 3.4
db:BIDid:94783
Trust: 2.0
db:JVNDBid:JVNDB-2016-007684
Trust: 0.8
db:CNNVDid:CNNVD-201612-234
Trust: 0.7
db:CNVDid:CNVD-2016-12353
Trust: 0.6
db:VULHUBid:VHN-98166
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-12353 // 
            
            
            
            VULHUB: VHN-98166 // 
            
            
            
            BID: 94783 // 
            
            
            
            JVNDB: JVNDB-2016-007684 // 
            
            
            
            CNNVD: CNNVD-201612-234 // 
            
            
            
            NVD: CVE-2016-9346

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-16-343-01
Trust: 3.4
url:http://www.securityfocus.com/bid/94783
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9346
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9346
Trust: 0.8
url:http://www.moxa.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2016-12353 // 
            
            
            
            VULHUB: VHN-98166 // 
            
            
            
            BID: 94783 // 
            
            
            
            JVNDB: JVNDB-2016-007684 // 
            
            
            
            CNNVD: CNNVD-201612-234 // 
            
            
            
            NVD: CVE-2016-9346

CREDITS
Aditya Sood
Trust: 0.3
sources:
            
            
            BID: 94783

SOURCES
db:CNVDid:CNVD-2016-12353
db:VULHUBid:VHN-98166
db:BIDid:94783
db:JVNDBid:JVNDB-2016-007684
db:CNNVDid:CNNVD-201612-234
db:NVDid:CVE-2016-9346

LAST UPDATE DATE
2025-04-20T23:26:13.332000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-12353date:2016-12-15T00:00:00
db:VULHUBid:VHN-98166date:2017-02-23T00:00:00
db:BIDid:94783date:2016-12-20T01:08:00
db:JVNDBid:JVNDB-2016-007684date:2017-03-10T00:00:00
db:CNNVDid:CNNVD-201612-234date:2016-12-09T00:00:00
db:NVDid:CVE-2016-9346date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-12353date:2016-12-15T00:00:00
db:VULHUBid:VHN-98166date:2017-02-13T00:00:00
db:BIDid:94783date:2016-12-08T00:00:00
db:JVNDBid:JVNDB-2016-007684date:2017-03-10T00:00:00
db:CNNVDid:CNNVD-201612-234date:2016-12-09T00:00:00
db:NVDid:CVE-2016-9346date:2017-02-13T21:59:01.800