ID

VAR-201702-0920


CVE

CVE-2016-9332


TITLE

Moxa SoftCMS input validation vulnerability

Trust: 1.2

sources: CNVD: CNVD-2016-11355 // CNNVD: CNNVD-201611-431

DESCRIPTION

An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. Moxa SoftCMS Webserver does not properly validate input. An attacker could provide unexpected values and cause the program to crash, or excessive consumption of resources could result in a denial-of-service condition. The Moxa SoftCMS Web server does not properly validate input, which allows it to be put into a denial-of-service (DoS) state. An attacker may put it into a denial-of-service (DoS) state by passing an unexpected value. Moxa SoftCMS is a set of central management software developed by Moxa for large-scale monitoring systems. The software supports real-time video surveillance, video playback, and event management. An attacker exploiting the vulnerability could cause the application to crash. Moxa SoftCMS is prone to multiple security vulnerabilities.

Trust: 2.52

sources: NVD: CVE-2016-9332 // JVNDB: JVNDB-2016-007634 // CNVD: CNVD-2016-11355 // BID: 94394 // VULHUB: VHN-98152

IOT TAXONOMY

category: ['ICS'] // sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-11355

AFFECTED PRODUCTS

vendor: moxa // model: softcms // scope: eq // version: 1.5

Trust: 1.5

vendor: moxa // model: softcms // scope: lte // version: 1.5

Trust: 1.0

vendor: moxa // model: softcms // scope: eq // version: 1.4

Trust: 0.9

vendor: moxa // model: softcms // scope: eq // version: 1.3

Trust: 0.9

vendor: moxa // model: softcms // scope: eq // version: 1.2

Trust: 0.9

vendor: moxa // model: softcms // scope: lt // version: 1.6

Trust: 0.8

vendor: moxa // model: softcms // scope: ne // version: 1.6

Trust: 0.3

sources: CNVD: CNVD-2016-11355 // BID: 94394 // JVNDB: JVNDB-2016-007634 // CNNVD: CNNVD-201611-431 // NVD: CVE-2016-9332

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-9332
value: HIGH

Trust: 1.0

NVD: CVE-2016-9332
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-11355
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201611-431
value: HIGH

Trust: 0.6

VULHUB: VHN-98152
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-9332
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-11355
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-98152
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-9332
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-11355 // VULHUB: VHN-98152 // JVNDB: JVNDB-2016-007634 // CNNVD: CNNVD-201611-431 // NVD: CVE-2016-9332

PROBLEMTYPE DATA

problemtype: CWE-399

Trust: 1.9

sources: VULHUB: VHN-98152 // JVNDB: JVNDB-2016-007634 // NVD: CVE-2016-9332

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201611-431

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201611-431

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007634

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-98152

PATCH

title: SoftCMS // url: http://www.moxa.com/product/SoftCMS.htm

Trust: 0.8

title: Patch for Moxa SoftCMS input validation vulnerability // url: https://www.cnvd.org.cn/patchInfo/show/84137

Trust: 0.6

title: Fix for the Moxa SoftCMS input validation vulnerability // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65772

Trust: 0.6

sources: CNVD: CNVD-2016-11355 // JVNDB: JVNDB-2016-007634 // CNNVD: CNNVD-201611-431

EXTERNAL IDS

db: NVD // id: CVE-2016-9332

Trust: 3.4

db: ICS CERT // id: ICSA-16-322-02

Trust: 2.8

db: BID // id: 94394

Trust: 2.6

db: EXPLOIT-DB // id: 40779

Trust: 1.1

db: JVNDB // id: JVNDB-2016-007634

Trust: 0.8

db: CNNVD // id: CNNVD-201611-431

Trust: 0.7

db: CNVD // id: CNVD-2016-11355

Trust: 0.6

db: ZDI // id: ZDI-16-615

Trust: 0.3

db: VULHUB // id: VHN-98152

Trust: 0.1

sources: CNVD: CNVD-2016-11355 // VULHUB: VHN-98152 // BID: 94394 // JVNDB: JVNDB-2016-007634 // CNNVD: CNNVD-201611-431 // NVD: CVE-2016-9332

REFERENCES

url: https://ics-cert.us-cert.gov/advisories/icsa-16-322-02

Trust: 2.8

url: http://www.securityfocus.com/bid/94394

Trust: 2.3

url: https://www.exploit-db.com/exploits/40779/

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9332

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9332

Trust: 0.8

url: http://www.moxa.com/product/softcms.htm

Trust: 0.3

url: http://www.zerodayinitiative.com/advisories/zdi-16-615/

Trust: 0.3

sources: CNVD: CNVD-2016-11355 // VULHUB: VHN-98152 // BID: 94394 // JVNDB: JVNDB-2016-007634 // CNNVD: CNNVD-201611-431 // NVD: CVE-2016-9332

CREDITS

Zhou Yu working with Trend Micro's Zero Day Initiative and Gu Ziqiang from Huawei Weiran Labs.

Trust: 0.6

sources: CNNVD: CNNVD-201611-431

SOURCES

db: CNVD // id: CNVD-2016-11355
db: VULHUB // id: VHN-98152
db: BID // id: 94394
db: JVNDB // id: JVNDB-2016-007634
db: CNNVD // id: CNNVD-201611-431
db: NVD // id: CVE-2016-9332

LAST UPDATE DATE

2025-04-20T23:22:30.173000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2016-11355 // date: 2016-11-21T00:00:00
db: VULHUB // id: VHN-98152 // date: 2017-09-03T00:00:00
db: BID // id: 94394 // date: 2016-12-20T16:03:00
db: JVNDB // id: JVNDB-2016-007634 // date: 2017-03-08T00:00:00
db: CNNVD // id: CNNVD-201611-431 // date: 2016-11-22T00:00:00
db: NVD // id: CVE-2016-9332 // date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD // id: CNVD-2016-11355 // date: 2016-11-21T00:00:00
db: VULHUB // id: VHN-98152 // date: 2017-02-13T00:00:00
db: BID // id: 94394 // date: 2016-11-17T00:00:00
db: JVNDB // id: JVNDB-2016-007634 // date: 2017-03-08T00:00:00
db: CNNVD // id: CNNVD-201611-431 // date: 2016-11-22T00:00:00
db: NVD // id: CVE-2016-9332 // date: 2017-02-13T21:59:01.503