Sign-up

ID

VAR-201705-3759


CVE

CVE-2017-7913


TITLE

plural Moxa OnCell Vulnerabilities related to certificate and password management in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-004537

DESCRIPTION

A Plaintext Storage of a Password issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. The application's configuration file contains parameters that represent passwords in plaintext. plural Moxa OnCell The product contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MoxaOnCellG3110-HSPA is a product of China's Moxa Corporation. The OnCellG3110-HSPA is an industrial-grade IP gateway. The OnCell5104-HSPA is an industrial-grade cellular router. A plaintext password vulnerability exists in several Moxa products. An attacker could exploit this vulnerability to obtain sensitive information. Attackers may exploit these issues to bypass authentication mechanism and gain unauthorized access, to gain sensitive information and perform certain unauthorized actions in the context of the affected application. Other attacks are also possible

Trust: 2.52

sources: NVD: CVE-2017-7913 // JVNDB: JVNDB-2017-004537 // CNVD: CNVD-2017-09879 // BID: 98626 // VULHUB: VHN-116116

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-09879

AFFECTED PRODUCTS

vendor:moxamodel:oncell 5004-hspascope: - version: -

Trust: 1.4

vendor:moxamodel:oncell 5104-hspascope: - version: -

Trust: 1.4

vendor:moxamodel:oncell 5104-hsdpascope: - version: -

Trust: 1.4

vendor:moxamodel:oncell g3110-hspascope:lteversion:1.3

Trust: 1.0

vendor:moxamodel:oncell g3110-hsdpascope:lteversion:1.2

Trust: 1.0

vendor:moxamodel:oncell g3150-hsdpascope:lteversion:1.4

Trust: 1.0

vendor:moxamodel:oncell 5004-hspascope:lteversion: -

Trust: 1.0

vendor:moxamodel:oncell 5104-hspascope:lteversion: -

Trust: 1.0

vendor:moxamodel:oncell 5104-hsdpascope:lteversion: -

Trust: 1.0

vendor:moxamodel:oncell g3110-hsdpascope:lteversion:1.2 build 09123015

Trust: 0.8

vendor:moxamodel:oncell g3110-hspascope:lteversion:1.3 build 15082117

Trust: 0.8

vendor:moxamodel:oncell g3150-hsdpascope:lteversion:1.4 build 11051315

Trust: 0.8

vendor:moxamodel:oncell g3150-hsdpa buildscope:lteversion:<=1.411051315

Trust: 0.6

vendor:moxamodel:oncell g3110-hsdpa buildscope:lteversion:<=1.209123015

Trust: 0.6

vendor:moxamodel:oncell g3110-hspa buildscope:lteversion:<=1.315082117

Trust: 0.6

vendor:moxamodel:oncell 5104-hsdpascope:eqversion: -

Trust: 0.6

vendor:moxamodel:oncell g3150-hsdpascope:eqversion:1.4

Trust: 0.6

vendor:moxamodel:oncell 5004-hspascope:eqversion: -

Trust: 0.6

vendor:moxamodel:oncell g3110-hsdpascope:eqversion:1.2

Trust: 0.6

vendor:moxamodel:oncell g3110-hspascope:eqversion:1.3

Trust: 0.6

vendor:moxamodel:oncell 5104-hspascope:eqversion: -

Trust: 0.6

vendor:moxamodel:oncell g3150-hsdpa buildscope:eqversion:1.411051315

Trust: 0.3

vendor:moxamodel:oncell g3110-hspa buildscope:eqversion:1.315082117

Trust: 0.3

vendor:moxamodel:oncell g3110-hsdpa buildscope:eqversion:1.209123015

Trust: 0.3

vendor:moxamodel:oncell 5104-hspascope:eqversion:0

Trust: 0.3

vendor:moxamodel:oncell 5104-hsdpascope:eqversion:0

Trust: 0.3

vendor:moxamodel:oncell 5004-hspascope:eqversion:0

Trust: 0.3

vendor:moxamodel:oncell g3110-hspascope:neversion:1.4

Trust: 0.3

vendor:moxamodel:oncell 5104-hspascope:neversion:1.4

Trust: 0.3

vendor:moxamodel:oncell 5004-hspascope:neversion:1.4

Trust: 0.3

sources: CNVD: CNVD-2017-09879 // BID: 98626 // JVNDB: JVNDB-2017-004537 // CNNVD: CNNVD-201705-1238 // NVD: CVE-2017-7913

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-7913
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-7913
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2017-09879
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201705-1238
value: CRITICAL

Trust: 0.6

VULHUB: VHN-116116
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-7913
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-09879
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-116116
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-7913
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-09879 // VULHUB: VHN-116116 // JVNDB: JVNDB-2017-004537 // CNNVD: CNNVD-201705-1238 // NVD: CVE-2017-7913

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.1

problemtype:CWE-256

Trust: 1.0

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-116116 // JVNDB: JVNDB-2017-004537 // NVD: CVE-2017-7913

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-1238

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201705-1238

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-004537

PATCH
title:OnCell G3110/G3150-HSPAurl:http://japan.moxa.com/product/OnCell_G3110_G3150-HSPA.htm
Trust: 0.8
title:OnCell 5004/OnCell 5104-HSPAurl:http://japan.moxa.com/product/OnCell_5004_5104-HSPA.htm
Trust: 0.8
title:Patches for plaintext password vulnerabilities in several Moxa productsurl:https://www.cnvd.org.cn/patchInfo/show/95502
Trust: 0.6
title:Various Moss product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70580
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-09879 // 
            
            
            
            JVNDB: JVNDB-2017-004537 // 
            
            
            
            CNNVD: CNNVD-201705-1238

EXTERNAL IDS
db:ICS CERTid:ICSA-17-143-01
Trust: 3.4
db:NVDid:CVE-2017-7913
Trust: 3.4
db:BIDid:98626
Trust: 0.9
db:JVNDBid:JVNDB-2017-004537
Trust: 0.8
db:CNNVDid:CNNVD-201705-1238
Trust: 0.7
db:CNVDid:CNVD-2017-09879
Trust: 0.6
db:VULHUBid:VHN-116116
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-09879 // 
            
            
            
            VULHUB: VHN-116116 // 
            
            
            
            BID: 98626 // 
            
            
            
            JVNDB: JVNDB-2017-004537 // 
            
            
            
            CNNVD: CNNVD-201705-1238 // 
            
            
            
            NVD: CVE-2017-7913

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-17-143-01
Trust: 3.4
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7913
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-7913
Trust: 0.8
url:http://www.securityfocus.com/bid/98626
Trust: 0.6
url:http://www.moxa.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-09879 // 
            
            
            
            VULHUB: VHN-116116 // 
            
            
            
            BID: 98626 // 
            
            
            
            JVNDB: JVNDB-2017-004537 // 
            
            
            
            CNNVD: CNNVD-201705-1238 // 
            
            
            
            NVD: CVE-2017-7913

CREDITS
Maxim Rupp
Trust: 0.9
sources:
            
            
            BID: 98626 // 
            
            
            
            CNNVD: CNNVD-201705-1238

SOURCES
db:CNVDid:CNVD-2017-09879
db:VULHUBid:VHN-116116
db:BIDid:98626
db:JVNDBid:JVNDB-2017-004537
db:CNNVDid:CNNVD-201705-1238
db:NVDid:CVE-2017-7913

LAST UPDATE DATE
2025-04-20T23:13:06.944000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-09879date:2017-06-16T00:00:00
db:VULHUBid:VHN-116116date:2019-10-09T00:00:00
db:BIDid:98626date:2017-05-23T00:00:00
db:JVNDBid:JVNDB-2017-004537date:2017-06-28T00:00:00
db:CNNVDid:CNNVD-201705-1238date:2019-10-17T00:00:00
db:NVDid:CVE-2017-7913date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-09879date:2017-06-16T00:00:00
db:VULHUBid:VHN-116116date:2017-05-29T00:00:00
db:BIDid:98626date:2017-05-23T00:00:00
db:JVNDBid:JVNDB-2017-004537date:2017-06-28T00:00:00
db:CNNVDid:CNNVD-201705-1238date:2017-05-23T00:00:00
db:NVDid:CVE-2017-7913date:2017-05-29T16:29:00.180