Details of VAR-201711-0135

ID

VAR-201711-0135

CVE

CVE-2017-16719

TITLE

plural Moxa NPort Product injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-010328

DESCRIPTION

An Injection issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to inject packets that could potentially disrupt the availability of the device. plural Moxa NPort The product contains an injection vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Moxa's NPort 5110, 5130 and 5150 are all Moxa's serial communication servers for connecting industrial serial devices to the network. A number of MoxaNport products have a denial of service vulnerability, and attackers launch denial of service attacks by injecting packets that can corrupt device availability. Multiple Moxa NPort products are prone to multiple denial-of-service vulnerabilities and an information-disclosure vulnerability. An attacker can exploit these issues to obtain sensitive information or cause excessive consumption of resources or crash of application resulting in a denial of service condition. A security vulnerability exists in the Moxa NPort 5110, 5130, and 5150

Trust: 2.7

sources: NVD: CVE-2017-16719 // JVNDB: JVNDB-2017-010328 // CNVD: CNVD-2017-34490 // BID: 101885 // IVD: 366a361a-2a16-4b72-84b4-ce092628d432 // VULHUB: VHN-107669

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: 366a361a-2a16-4b72-84b4-ce092628d432 // CNVD: CNVD-2017-34490

AFFECTED PRODUCTS

vendor:	moxa	model:	nport 5110	scope:	eq	version:	2.2	Trust: 2.4
vendor:	moxa	model:	nport 5110	scope:	eq	version:	2.4	Trust: 2.4
vendor:	moxa	model:	nport 5110	scope:	eq	version:	2.6	Trust: 2.4
vendor:	moxa	model:	nport 5110	scope:	eq	version:	2.7	Trust: 2.4
vendor:	moxa	model:	nport 5130	scope:	lte	version:	3.7	Trust: 1.8
vendor:	moxa	model:	nport 5150	scope:	lte	version:	3.7	Trust: 1.8
vendor:	moxa	model:	nport	scope:	eq	version:	51102.2	Trust: 0.9
vendor:	moxa	model:	nport	scope:	eq	version:	51102.4	Trust: 0.9
vendor:	moxa	model:	nport	scope:	eq	version:	51102.6	Trust: 0.9
vendor:	moxa	model:	nport	scope:	eq	version:	51102.7	Trust: 0.9
vendor:	moxa	model:	nport	scope:	eq	version:	5150<=3.7	Trust: 0.6
vendor:	moxa	model:	nport	scope:	eq	version:	5130<=3.7	Trust: 0.6
vendor:	moxa	model:	nport 5130	scope:	eq	version:	3.7	Trust: 0.6
vendor:	moxa	model:	nport 5150	scope:	eq	version:	3.7	Trust: 0.6
vendor:	moxa	model:	nport	scope:	eq	version:	51503.7	Trust: 0.3
vendor:	moxa	model:	nport	scope:	eq	version:	51503.6	Trust: 0.3
vendor:	moxa	model:	nport	scope:	eq	version:	51503.5	Trust: 0.3
vendor:	moxa	model:	nport	scope:	eq	version:	51303.7	Trust: 0.3
vendor:	moxa	model:	nport	scope:	eq	version:	51303.6	Trust: 0.3
vendor:	moxa	model:	nport	scope:	eq	version:	51303.5	Trust: 0.3
vendor:	moxa	model:	nport	scope:	eq	version:	51102.5	Trust: 0.3
vendor:	moxa	model:	nport	scope:	ne	version:	51503.8	Trust: 0.3
vendor:	moxa	model:	nport	scope:	ne	version:	51303.8	Trust: 0.3
vendor:	moxa	model:	nport	scope:	ne	version:	51102.9	Trust: 0.3
vendor:	nport 5110	model:	-	scope:	eq	version:	2.2	Trust: 0.2
vendor:	nport 5110	model:	-	scope:	eq	version:	2.4	Trust: 0.2
vendor:	nport 5110	model:	-	scope:	eq	version:	2.6	Trust: 0.2
vendor:	nport 5110	model:	-	scope:	eq	version:	2.7	Trust: 0.2
vendor:	nport 5130	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	nport 5150	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 366a361a-2a16-4b72-84b4-ce092628d432 // CNVD: CNVD-2017-34490 // BID: 101885 // JVNDB: JVNDB-2017-010328 // CNNVD: CNNVD-201711-642 // NVD: CVE-2017-16719

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-16719
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-16719
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-34490
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201711-642
value:	HIGH
Trust: 0.6
IVD:	366a361a-2a16-4b72-84b4-ce092628d432
value:	HIGH
Trust: 0.2
VULHUB:	VHN-107669
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-16719
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-34490
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	366a361a-2a16-4b72-84b4-ce092628d432
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-107669
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-16719
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: IVD: 366a361a-2a16-4b72-84b4-ce092628d432 // CNVD: CNVD-2017-34490 // VULHUB: VHN-107669 // JVNDB: JVNDB-2017-010328 // CNNVD: CNNVD-201711-642 // NVD: CVE-2017-16719

PROBLEMTYPE DATA

problemtype:

CWE-74

Trust: 1.9

sources: VULHUB: VHN-107669 // JVNDB: JVNDB-2017-010328 // NVD: CVE-2017-16719

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-642

TYPE

injection

Trust: 0.8

sources: IVD: 366a361a-2a16-4b72-84b4-ce092628d432 // CNNVD: CNNVD-201711-642

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010328

PATCH

title:	トップページ	url:	http://japan.moxa.com/index.htm	Trust: 0.8
title:	Patches for several MoxaNport Product Denial of Service Vulnerabilities (CNVD-2017-34490)	url:	https://www.cnvd.org.cn/patchInfo/show/106358	Trust: 0.6
title:	Moxa NPort 5110 , 5130 and 5150 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76477	Trust: 0.6

sources: CNVD: CNVD-2017-34490 // JVNDB: JVNDB-2017-010328 // CNNVD: CNNVD-201711-642

EXTERNAL IDS

db:	NVD	id:	CVE-2017-16719	Trust: 3.6
db:	ICS CERT	id:	ICSA-17-320-01	Trust: 3.4
db:	BID	id:	101885	Trust: 2.0
db:	CNVD	id:	CNVD-2017-34490	Trust: 0.8
db:	CNNVD	id:	CNNVD-201711-642	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-010328	Trust: 0.8
db:	IVD	id:	366A361A-2A16-4B72-84B4-CE092628D432	Trust: 0.2
db:	VULHUB	id:	VHN-107669	Trust: 0.1

sources: IVD: 366a361a-2a16-4b72-84b4-ce092628d432 // CNVD: CNVD-2017-34490 // VULHUB: VHN-107669 // BID: 101885 // JVNDB: JVNDB-2017-010328 // CNNVD: CNNVD-201711-642 // NVD: CVE-2017-16719

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-17-320-01	Trust: 3.4
url:	http://www.securityfocus.com/bid/101885	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16719	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-16719	Trust: 0.8
url:	https://www.moxa.com/support/download.aspx?type=support&id=882	Trust: 0.3
url:	https://www.moxa.com/support/download.aspx?type=support&id=356	Trust: 0.3
url:	http://www.moxa.com/product/vport_sdk.htm	Trust: 0.3

sources: CNVD: CNVD-2017-34490 // VULHUB: VHN-107669 // BID: 101885 // JVNDB: JVNDB-2017-010328 // CNNVD: CNNVD-201711-642 // NVD: CVE-2017-16719

CREDITS

Florian Adamsky

Trust: 0.3

sources: BID: 101885

SOURCES

db:	IVD	id:	366a361a-2a16-4b72-84b4-ce092628d432
db:	CNVD	id:	CNVD-2017-34490
db:	VULHUB	id:	VHN-107669
db:	BID	id:	101885
db:	JVNDB	id:	JVNDB-2017-010328
db:	CNNVD	id:	CNNVD-201711-642
db:	NVD	id:	CVE-2017-16719

LAST UPDATE DATE

2025-04-20T23:12:49.608000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-34490	date:	2017-11-17T00:00:00
db:	VULHUB	id:	VHN-107669	date:	2019-10-09T00:00:00
db:	BID	id:	101885	date:	2017-12-19T22:37:00
db:	JVNDB	id:	JVNDB-2017-010328	date:	2017-12-12T00:00:00
db:	CNNVD	id:	CNNVD-201711-642	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-16719	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	IVD	id:	366a361a-2a16-4b72-84b4-ce092628d432	date:	2017-11-17T00:00:00
db:	CNVD	id:	CNVD-2017-34490	date:	2017-11-17T00:00:00
db:	VULHUB	id:	VHN-107669	date:	2017-11-16T00:00:00
db:	BID	id:	101885	date:	2017-11-16T00:00:00
db:	JVNDB	id:	JVNDB-2017-010328	date:	2017-12-12T00:00:00
db:	CNNVD	id:	CNNVD-201711-642	date:	2017-11-20T00:00:00
db:	NVD	id:	CVE-2017-16719	date:	2017-11-16T21:29:00.373