ID

VAR-201710-0073


CVE

CVE-2016-5789


TITLE

JanTek JTC-200 Cross-Site Request Forgery Vulnerability

Trust: 1.4

sources: IVD: 325f9baf-c4b5-484f-bbc3-c48fd68beff5 // CNVD: CNVD-2017-32100 // CNNVD: CNNVD-201710-530

DESCRIPTION

A Cross-site Request Forgery issue was discovered in JanTek JTC-200, all versions. An attacker could perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request.

JanTek JTC-200 contains a cross-site request forgery vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS).

The JanTek JTC-200 is a TCP/IP converter (serial server) from JanTek Technology. A remote attacker could exploit the vulnerability to perform unauthorized operations as a user. This may aid in further attacks.

Vendor: JanTek
Equipment: JTC-200
Vulnerabilities: Cross-site Request Forgery, Improper Authentication

Advisory URL:
https://ipositivesecurity.com/2017/10/28/ics-jantek-jtc-200-rs232-net-converter-advisory-published/

ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-283-02

CVE-ID
CVE-2016-5789
CVE-2016-5791

Detailed Proof of Concept:
https://ipositivesecurity.com/2016/07/05/rs232-net-converter-model-jtc-200-multiple-vulnerabilities/

------------------------
AFFECTED PRODUCTS
------------------------

The following versions of JTC-200, a TCP/IP converter, are affected:

JTC-200 all versions.

------------------------
BACKGROUND
------------------------

Critical Infrastructure Sectors: Critical Manufacturing
Countries/Areas Deployed: Europe and Asia
Company Headquarters Location: Taiwan

------------------------
IMPACT
------------------------

Successful exploitation of these vulnerabilities allows for remote code execution on the device with elevated privileges.

A CVSS v3 base score of 8.0 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).

IMPROPER AUTHENTICATION CWE-287

The improper authentication could provide undocumented Busybox Linux shell accessible over Telnet service without any authentication.

A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

---------
Trying IP...
Connected to IP.
Escape character is '^]'.

BusyBox v0.60.4 (2008.02.21-16:59+0000) Built-in shell (msh)
Enter 'help' for a list of built-in commands.

#
BusyBox v0.60.4 (2008.02.21-16:59+0000) multi-call binary

Usage: busybox [function] [arguments]...
or: [function] [arguments]...

BusyBox is a multi-call binary that combines many common Unix
utilities into a single executable. Most people will create a
link to busybox for each function they wish to use, and BusyBox
will act like whatever it was invoked as.

Currently defined functions:
[, busybox, cat, cp, df, hostname, ifconfig, init, kill, killall, ls,
mkdir, mknod, mount, msh, mv, ping, ps, pwd, rm, sh, test, touch, vi

#
# ls
bin dev etc nfs proc swap usb var
# cd etc
# ls
ConfigPage WRConfig.ini config inetd.conf inittab ppp protocols rc resolv.conf services
# cat inetd.conf
telnet stream tcpnowait root /bin/telnetd
#
---------

------------------------
Technical Details
------------------------

https://ipositivesecurity.com/2016/07/05/rs232-net-converter-model-jtc-200-multiple-vulnerabilities/

+++++
Best Regards,
Karn Ganeshen

Trust: 2.79

sources: NVD: CVE-2016-5789 // JVNDB: JVNDB-2016-008847 // CNVD: CNVD-2017-32100 // BID: 101224 // IVD: 325f9baf-c4b5-484f-bbc3-c48fd68beff5 // VULHUB: VHN-94608 // PACKETSTORM: 144816

IOT TAXONOMY

category: ['ICS', 'Network device'] sub_category: -

Trust: 0.6

category: ['ICS'] sub_category: -

Trust: 0.2

sources: IVD: 325f9baf-c4b5-484f-bbc3-c48fd68beff5 // CNVD: CNVD-2017-32100

AFFECTED PRODUCTS

vendor: jantek model: jtc-200 scope: - version: -

Trust: 1.2

vendor: jantek model: jtc-200 scope: eq version: *

Trust: 1.0

vendor: jantek model: jtc-200 scope: eq version: -

Trust: 0.8

vendor: jantek model: jtc-200 scope: eq version: 0

Trust: 0.3

vendor: jtc 200 model: - scope: eq version: *

Trust: 0.2

sources: IVD: 325f9baf-c4b5-484f-bbc3-c48fd68beff5 // CNVD: CNVD-2017-32100 // BID: 101224 // JVNDB: JVNDB-2016-008847 // CNNVD: CNNVD-201710-530 // NVD: CVE-2016-5789

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-5789
value: HIGH

Trust: 1.0

NVD: CVE-2016-5789
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-32100
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201710-530
value: MEDIUM

Trust: 0.6

IVD: 325f9baf-c4b5-484f-bbc3-c48fd68beff5
value: MEDIUM

Trust: 0.2

VULHUB: VHN-94608
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-5789
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-32100
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 325f9baf-c4b5-484f-bbc3-c48fd68beff5
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-94608
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-5789
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: 325f9baf-c4b5-484f-bbc3-c48fd68beff5 // CNVD: CNVD-2017-32100 // VULHUB: VHN-94608 // JVNDB: JVNDB-2016-008847 // CNNVD: CNNVD-201710-530 // NVD: CVE-2016-5789

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-94608 // JVNDB: JVNDB-2016-008847 // NVD: CVE-2016-5789

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-530

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201710-530

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-008847

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-94608

PATCH

title: Top Page url: http://www.jantek.com/

Trust: 0.8

sources: JVNDB: JVNDB-2016-008847

EXTERNAL IDS

db: NVD id: CVE-2016-5789

Trust: 3.7

db: ICS CERT id: ICSA-17-283-02

Trust: 3.5

db: CNNVD id: CNNVD-201710-530

Trust: 0.9

db: CNVD id: CNVD-2017-32100

Trust: 0.8

db: JVNDB id: JVNDB-2016-008847

Trust: 0.8

db: BID id: 101224

Trust: 0.3

db: IVD id: 325F9BAF-C4B5-484F-BBC3-C48FD68BEFF5

Trust: 0.2

db: PACKETSTORM id: 144816

Trust: 0.2

db: VULHUB id: VHN-94608

Trust: 0.1

sources: IVD: 325f9baf-c4b5-484f-bbc3-c48fd68beff5 // CNVD: CNVD-2017-32100 // VULHUB: VHN-94608 // BID: 101224 // JVNDB: JVNDB-2016-008847 // PACKETSTORM: 144816 // CNNVD: CNNVD-201710-530 // NVD: CVE-2016-5789

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-17-283-02

Trust: 3.5

url:https://nvd.nist.gov/vuln/detail/cve-2016-5789

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5789

Trust: 0.8

url:http://www.jantek.com.tw

Trust: 0.3

url:http://www.jantek.com.tw/en/product/73

Trust: 0.3

url:https://ipositivesecurity.com/2017/10/28/ics-jantek-jtc-200-rs232-net-converter-advisory-published/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-5791

Trust: 0.1

url:https://ipositivesecurity.com/2016/07/05/rs232-net-converter-model-jtc-200-multiple-vulnerabilities/

Trust: 0.1

sources: CNVD: CNVD-2017-32100 // VULHUB: VHN-94608 // BID: 101224 // JVNDB: JVNDB-2016-008847 // PACKETSTORM: 144816 // CNNVD: CNNVD-201710-530 // NVD: CVE-2016-5789

CREDITS

Karn Ganeshan

Trust: 0.3

sources: BID: 101224

SOURCES

db: IVD id: 325f9baf-c4b5-484f-bbc3-c48fd68beff5
db: CNVD id: CNVD-2017-32100
db: VULHUB id: VHN-94608
db: BID id: 101224
db: JVNDB id: JVNDB-2016-008847
db: PACKETSTORM id: 144816
db: CNNVD id: CNNVD-201710-530
db: NVD id: CVE-2016-5789

LAST UPDATE DATE

2025-04-20T23:23:35.454000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2017-32100 date: 2017-10-31T00:00:00
db: VULHUB id: VHN-94608 date: 2017-11-03T00:00:00
db: BID id: 101224 date: 2017-12-19T22:36:00
db: JVNDB id: JVNDB-2016-008847 date: 2017-11-10T00:00:00
db: CNNVD id: CNNVD-201710-530 date: 2017-10-18T00:00:00
db: NVD id: CVE-2016-5789 date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: IVD id: 325f9baf-c4b5-484f-bbc3-c48fd68beff5 date: 2017-10-31T00:00:00
db: CNVD id: CNVD-2017-32100 date: 2017-10-31T00:00:00
db: VULHUB id: VHN-94608 date: 2017-10-13T00:00:00
db: BID id: 101224 date: 2017-10-10T00:00:00
db: JVNDB id: JVNDB-2016-008847 date: 2017-11-10T00:00:00
db: PACKETSTORM id: 144816 date: 2017-10-31T13:33:33
db: CNNVD id: CNNVD-201710-530 date: 2017-10-18T00:00:00
db: NVD id: CVE-2016-5789 date: 2017-10-13T03:29:00.193