Sign-up

ID

VAR-201711-0102


CVE

CVE-2017-16715


TITLE

plural Moxa NPort Information disclosure vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-010327

DESCRIPTION

An Information Exposure issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to exploit a flaw in the handling of Ethernet frame padding that may allow for information exposure. plural Moxa NPort The product contains an information disclosure vulnerability.Information may be obtained. Moxa's NPort 5110, 5130 and 5150 are all Moxa's serial communication servers for connecting industrial serial devices to the network. Multiple Moxa NPort products are prone to multiple denial-of-service vulnerabilities and an information-disclosure vulnerability. An attacker can exploit these issues to obtain sensitive information or cause excessive consumption of resources or crash of application resulting in a denial of service condition

Trust: 2.7

sources: NVD: CVE-2017-16715 // JVNDB: JVNDB-2017-010327 // CNVD: CNVD-2017-34491 // BID: 101885 // IVD: 0e5b3d25-bf75-4b56-a92f-d834052a891f // VULHUB: VHN-107665

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: 0e5b3d25-bf75-4b56-a92f-d834052a891f // CNVD: CNVD-2017-34491

AFFECTED PRODUCTS

vendor:moxamodel:nport 5110scope:eqversion:2.2

Trust: 2.4

vendor:moxamodel:nport 5110scope:eqversion:2.4

Trust: 2.4

vendor:moxamodel:nport 5110scope:eqversion:2.6

Trust: 2.4

vendor:moxamodel:nport 5110scope:eqversion:2.7

Trust: 2.4

vendor:moxamodel:nport 5130scope:lteversion:3.7

Trust: 1.8

vendor:moxamodel:nport 5150scope:lteversion:3.7

Trust: 1.8

vendor:moxamodel:nportscope:eqversion:51102.2

Trust: 0.9

vendor:moxamodel:nportscope:eqversion:51102.4

Trust: 0.9

vendor:moxamodel:nportscope:eqversion:51102.6

Trust: 0.9

vendor:moxamodel:nportscope:eqversion:51102.7

Trust: 0.9

vendor:moxamodel:nportscope:eqversion:5150<=3.7

Trust: 0.6

vendor:moxamodel:nportscope:eqversion:5130<=3.7

Trust: 0.6

vendor:moxamodel:nport 5130scope:eqversion:3.7

Trust: 0.6

vendor:moxamodel:nport 5150scope:eqversion:3.7

Trust: 0.6

vendor:moxamodel:nportscope:eqversion:51503.7

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:51503.6

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:51503.5

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:51303.7

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:51303.6

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:51303.5

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:51102.5

Trust: 0.3

vendor:moxamodel:nportscope:neversion:51503.8

Trust: 0.3

vendor:moxamodel:nportscope:neversion:51303.8

Trust: 0.3

vendor:moxamodel:nportscope:neversion:51102.9

Trust: 0.3

vendor:nport 5110model: - scope:eqversion:2.2

Trust: 0.2

vendor:nport 5110model: - scope:eqversion:2.4

Trust: 0.2

vendor:nport 5110model: - scope:eqversion:2.6

Trust: 0.2

vendor:nport 5110model: - scope:eqversion:2.7

Trust: 0.2

vendor:nport 5130model: - scope:eqversion:*

Trust: 0.2

vendor:nport 5150model: - scope:eqversion:*

Trust: 0.2

sources: IVD: 0e5b3d25-bf75-4b56-a92f-d834052a891f // CNVD: CNVD-2017-34491 // BID: 101885 // JVNDB: JVNDB-2017-010327 // CNNVD: CNNVD-201711-643 // NVD: CVE-2017-16715

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-16715
value: HIGH

Trust: 1.0

NVD: CVE-2017-16715
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-34491
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201711-643
value: HIGH

Trust: 0.6

IVD: 0e5b3d25-bf75-4b56-a92f-d834052a891f
value: HIGH

Trust: 0.2

VULHUB: VHN-107665
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-16715
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-34491
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:N/C:C/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 0e5b3d25-bf75-4b56-a92f-d834052a891f
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:N/C:C/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-107665
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-16715
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: IVD: 0e5b3d25-bf75-4b56-a92f-d834052a891f // CNVD: CNVD-2017-34491 // VULHUB: VHN-107665 // JVNDB: JVNDB-2017-010327 // CNNVD: CNNVD-201711-643 // NVD: CVE-2017-16715

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-107665 // JVNDB: JVNDB-2017-010327 // NVD: CVE-2017-16715

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-643

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201711-643

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010327

PATCH
title:トップページurl:http://japan.moxa.com/index.htm
Trust: 0.8
title:Patches for multiple MoxaNport product information disclosure vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/106359
Trust: 0.6
title:Moxa NPort 5110 , 5130  and 5150 Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76478
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-34491 // 
            
            
            
            JVNDB: JVNDB-2017-010327 // 
            
            
            
            CNNVD: CNNVD-201711-643

EXTERNAL IDS
db:NVDid:CVE-2017-16715
Trust: 3.6
db:ICS CERTid:ICSA-17-320-01
Trust: 3.4
db:BIDid:101885
Trust: 2.0
db:CNVDid:CNVD-2017-34491
Trust: 0.8
db:CNNVDid:CNNVD-201711-643
Trust: 0.8
db:JVNDBid:JVNDB-2017-010327
Trust: 0.8
db:IVDid:0E5B3D25-BF75-4B56-A92F-D834052A891F
Trust: 0.2
db:VULHUBid:VHN-107665
Trust: 0.1
sources:
            
            
            IVD: 0e5b3d25-bf75-4b56-a92f-d834052a891f // 
            
            
            
            CNVD: CNVD-2017-34491 // 
            
            
            
            VULHUB: VHN-107665 // 
            
            
            
            BID: 101885 // 
            
            
            
            JVNDB: JVNDB-2017-010327 // 
            
            
            
            CNNVD: CNNVD-201711-643 // 
            
            
            
            NVD: CVE-2017-16715

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-17-320-01
Trust: 3.4
url:http://www.securityfocus.com/bid/101885
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16715
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-16715
Trust: 0.8
url:https://www.moxa.com/support/download.aspx?type=support&id=882
Trust: 0.3
url:https://www.moxa.com/support/download.aspx?type=support&id=356
Trust: 0.3
url:http://www.moxa.com/product/vport_sdk.htm
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-34491 // 
            
            
            
            VULHUB: VHN-107665 // 
            
            
            
            BID: 101885 // 
            
            
            
            JVNDB: JVNDB-2017-010327 // 
            
            
            
            CNNVD: CNNVD-201711-643 // 
            
            
            
            NVD: CVE-2017-16715

CREDITS
Florian Adamsky
Trust: 0.3
sources:
            
            
            BID: 101885

SOURCES
db:IVDid:0e5b3d25-bf75-4b56-a92f-d834052a891f
db:CNVDid:CNVD-2017-34491
db:VULHUBid:VHN-107665
db:BIDid:101885
db:JVNDBid:JVNDB-2017-010327
db:CNNVDid:CNNVD-201711-643
db:NVDid:CVE-2017-16715

LAST UPDATE DATE
2025-04-20T23:12:45.994000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-34491date:2017-11-17T00:00:00
db:VULHUBid:VHN-107665date:2019-10-09T00:00:00
db:BIDid:101885date:2017-12-19T22:37:00
db:JVNDBid:JVNDB-2017-010327date:2017-12-12T00:00:00
db:CNNVDid:CNNVD-201711-643date:2019-10-17T00:00:00
db:NVDid:CVE-2017-16715date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:IVDid:0e5b3d25-bf75-4b56-a92f-d834052a891fdate:2017-11-17T00:00:00
db:CNVDid:CNVD-2017-34491date:2017-11-17T00:00:00
db:VULHUBid:VHN-107665date:2017-11-16T00:00:00
db:BIDid:101885date:2017-11-16T00:00:00
db:JVNDBid:JVNDB-2017-010327date:2017-12-12T00:00:00
db:CNNVDid:CNNVD-201711-643date:2017-11-20T00:00:00
db:NVDid:CVE-2017-16715date:2017-11-16T21:29:00.340