Sign-up

ID

VAR-201711-0415


CVE

CVE-2017-14028


TITLE

plural Moxa NPort Product depletion vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-010326

DESCRIPTION

A Resource Exhaustion issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to exhaust memory resources by sending a large amount of TCP SYN packets. plural Moxa NPort The product is vulnerable to resource exhaustion.Service operation interruption (DoS) There is a possibility of being put into a state. Moxa's NPort 5110, 5130 and 5150 are all Moxa's serial communication servers for connecting industrial serial devices to the network. Multiple Moxa NPort products are prone to multiple denial-of-service vulnerabilities and an information-disclosure vulnerability. An attacker can exploit these issues to obtain sensitive information or cause excessive consumption of resources or crash of application resulting in a denial of service condition. A security vulnerability exists in the Moxa NPort 5110, 5130, and 5150

Trust: 2.7

sources: NVD: CVE-2017-14028 // JVNDB: JVNDB-2017-010326 // CNVD: CNVD-2017-34492 // BID: 101885 // IVD: 23aaef23-f0d6-42a4-b900-aa242ee04a91 // VULHUB: VHN-104709

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: 23aaef23-f0d6-42a4-b900-aa242ee04a91 // CNVD: CNVD-2017-34492

AFFECTED PRODUCTS

vendor:moxamodel:nport 5110scope:eqversion:2.2

Trust: 2.4

vendor:moxamodel:nport 5110scope:eqversion:2.4

Trust: 2.4

vendor:moxamodel:nport 5110scope:eqversion:2.6

Trust: 2.4

vendor:moxamodel:nport 5110scope:eqversion:2.7

Trust: 2.4

vendor:moxamodel:nport 5130scope:lteversion:3.7

Trust: 1.8

vendor:moxamodel:nport 5150scope:lteversion:3.7

Trust: 1.8

vendor:moxamodel:nportscope:eqversion:51102.2

Trust: 0.9

vendor:moxamodel:nportscope:eqversion:51102.4

Trust: 0.9

vendor:moxamodel:nportscope:eqversion:51102.6

Trust: 0.9

vendor:moxamodel:nportscope:eqversion:51102.7

Trust: 0.9

vendor:moxamodel:nportscope:eqversion:5150<=3.7

Trust: 0.6

vendor:moxamodel:nportscope:eqversion:5130<=3.7

Trust: 0.6

vendor:moxamodel:nport 5130scope:eqversion:3.7

Trust: 0.6

vendor:moxamodel:nport 5150scope:eqversion:3.7

Trust: 0.6

vendor:moxamodel:nportscope:eqversion:51503.7

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:51503.6

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:51503.5

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:51303.7

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:51303.6

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:51303.5

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:51102.5

Trust: 0.3

vendor:moxamodel:nportscope:neversion:51503.8

Trust: 0.3

vendor:moxamodel:nportscope:neversion:51303.8

Trust: 0.3

vendor:moxamodel:nportscope:neversion:51102.9

Trust: 0.3

vendor:nport 5110model: - scope:eqversion:2.2

Trust: 0.2

vendor:nport 5110model: - scope:eqversion:2.4

Trust: 0.2

vendor:nport 5110model: - scope:eqversion:2.6

Trust: 0.2

vendor:nport 5110model: - scope:eqversion:2.7

Trust: 0.2

vendor:nport 5130model: - scope:eqversion:*

Trust: 0.2

vendor:nport 5150model: - scope:eqversion:*

Trust: 0.2

sources: IVD: 23aaef23-f0d6-42a4-b900-aa242ee04a91 // CNVD: CNVD-2017-34492 // BID: 101885 // JVNDB: JVNDB-2017-010326 // CNNVD: CNNVD-201708-1247 // NVD: CVE-2017-14028

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-14028
value: HIGH

Trust: 1.0

NVD: CVE-2017-14028
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-34492
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201708-1247
value: HIGH

Trust: 0.6

IVD: 23aaef23-f0d6-42a4-b900-aa242ee04a91
value: HIGH

Trust: 0.2

VULHUB: VHN-104709
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-14028
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-34492
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 23aaef23-f0d6-42a4-b900-aa242ee04a91
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-104709
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-14028
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: IVD: 23aaef23-f0d6-42a4-b900-aa242ee04a91 // CNVD: CNVD-2017-34492 // VULHUB: VHN-104709 // JVNDB: JVNDB-2017-010326 // CNNVD: CNNVD-201708-1247 // NVD: CVE-2017-14028

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.9

sources: VULHUB: VHN-104709 // JVNDB: JVNDB-2017-010326 // NVD: CVE-2017-14028

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-1247

TYPE

Resource management error

Trust: 0.8

sources: IVD: 23aaef23-f0d6-42a4-b900-aa242ee04a91 // CNNVD: CNNVD-201708-1247

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010326

PATCH
title:トップページurl:http://japan.moxa.com/index.htm
Trust: 0.8
title:Patches for multiple MoxaNport product denial of service vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/106360
Trust: 0.6
title:Moxa NPort 5110 , 5130  and 5150 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100010
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-34492 // 
            
            
            
            JVNDB: JVNDB-2017-010326 // 
            
            
            
            CNNVD: CNNVD-201708-1247

EXTERNAL IDS
db:NVDid:CVE-2017-14028
Trust: 3.6
db:ICS CERTid:ICSA-17-320-01
Trust: 3.4
db:BIDid:101885
Trust: 2.0
db:CNNVDid:CNNVD-201708-1247
Trust: 0.9
db:CNVDid:CNVD-2017-34492
Trust: 0.8
db:JVNDBid:JVNDB-2017-010326
Trust: 0.8
db:IVDid:23AAEF23-F0D6-42A4-B900-AA242EE04A91
Trust: 0.2
db:VULHUBid:VHN-104709
Trust: 0.1
sources:
            
            
            IVD: 23aaef23-f0d6-42a4-b900-aa242ee04a91 // 
            
            
            
            CNVD: CNVD-2017-34492 // 
            
            
            
            VULHUB: VHN-104709 // 
            
            
            
            BID: 101885 // 
            
            
            
            JVNDB: JVNDB-2017-010326 // 
            
            
            
            CNNVD: CNNVD-201708-1247 // 
            
            
            
            NVD: CVE-2017-14028

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-17-320-01
Trust: 3.4
url:http://www.securityfocus.com/bid/101885
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14028
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-14028
Trust: 0.8
url:https://www.moxa.com/support/download.aspx?type=support&id=882
Trust: 0.3
url:https://www.moxa.com/support/download.aspx?type=support&id=356
Trust: 0.3
url:http://www.moxa.com/product/vport_sdk.htm
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-34492 // 
            
            
            
            VULHUB: VHN-104709 // 
            
            
            
            BID: 101885 // 
            
            
            
            JVNDB: JVNDB-2017-010326 // 
            
            
            
            CNNVD: CNNVD-201708-1247 // 
            
            
            
            NVD: CVE-2017-14028

CREDITS
Florian Adamsky
Trust: 0.3
sources:
            
            
            BID: 101885

SOURCES
db:IVDid:23aaef23-f0d6-42a4-b900-aa242ee04a91
db:CNVDid:CNVD-2017-34492
db:VULHUBid:VHN-104709
db:BIDid:101885
db:JVNDBid:JVNDB-2017-010326
db:CNNVDid:CNNVD-201708-1247
db:NVDid:CVE-2017-14028

LAST UPDATE DATE
2025-04-20T23:12:46.033000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-34492date:2017-11-17T00:00:00
db:VULHUBid:VHN-104709date:2019-10-09T00:00:00
db:BIDid:101885date:2017-12-19T22:37:00
db:JVNDBid:JVNDB-2017-010326date:2017-12-12T00:00:00
db:CNNVDid:CNNVD-201708-1247date:2019-10-17T00:00:00
db:NVDid:CVE-2017-14028date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:IVDid:23aaef23-f0d6-42a4-b900-aa242ee04a91date:2017-11-17T00:00:00
db:CNVDid:CNVD-2017-34492date:2017-11-17T00:00:00
db:VULHUBid:VHN-104709date:2017-11-16T00:00:00
db:BIDid:101885date:2017-11-16T00:00:00
db:JVNDBid:JVNDB-2017-010326date:2017-12-12T00:00:00
db:CNNVDid:CNNVD-201708-1247date:2017-08-31T00:00:00
db:NVDid:CVE-2017-14028date:2017-11-16T21:29:00.293