Sign-up

ID

VAR-201807-0329


CVE

CVE-2018-10632


TITLE

plural Moxa NPort Product depletion vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-008458

DESCRIPTION

In Moxa NPort 5210, 5230, and 5232 versions 2.9 build 17030709 and prior, the amount of resources requested by a malicious actor are not restricted, allowing for a denial-of-service condition. Moxa NPort 5210 , 5230 and 5232 Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Moxa's NPort 5210, 5230 and 5232 are all Moxa's serial communication servers for connecting industrial serial devices to the network. A security vulnerability exists in Moxa's NPort 5210, 5230, and 52322.9build17030709 and earlier versions that caused the program to fail to limit the size of the requested resource. An attacker could exploit the vulnerability to cause a denial of service. Moxa NPort is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to resource exhaustion and crash the affected application, denying service to legitimate users. There are security vulnerabilities in Moxa NPort 5210, 5230, and 5232 2.9 build 17030709 and earlier versions

Trust: 2.79

sources: NVD: CVE-2018-10632 // JVNDB: JVNDB-2018-008458 // CNVD: CNVD-2018-14240 // BID: 104863 // IVD: 7d854242-463f-11e9-8fcc-000c29342cb1 // VULHUB: VHN-120411 // VULMON: CVE-2018-10632

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: 7d854242-463f-11e9-8fcc-000c29342cb1 // CNVD: CNVD-2018-14240

AFFECTED PRODUCTS

vendor:moxamodel:nport 5230scope:eqversion:2.9

Trust: 1.6

vendor:moxamodel:nport 5232scope:eqversion:2.9

Trust: 1.6

vendor:moxamodel:nport 5210scope:eqversion:2.9

Trust: 1.6

vendor:moxamodel:nport 5210scope:lteversion:2.9 build 17030709

Trust: 0.8

vendor:moxamodel:nport 5230scope:lteversion:2.9 build 17030709

Trust: 0.8

vendor:moxamodel:nport 5232scope:lteversion:2.9 build 17030709

Trust: 0.8

vendor:moxamodel:nport buildscope:eqversion:5210<=2.917030709

Trust: 0.6

vendor:moxamodel:nport buildscope:eqversion:5230<=2.917030709

Trust: 0.6

vendor:moxamodel:nport buildscope:eqversion:5232<=2.917030709

Trust: 0.6

vendor:moxamodel:nport buildscope:eqversion:52322.917030709

Trust: 0.3

vendor:moxamodel:nport buildscope:eqversion:52302.917030709

Trust: 0.3

vendor:moxamodel:nport buildscope:eqversion:52102.917030709

Trust: 0.3

vendor:nport 5230model: - scope:eqversion:2.9

Trust: 0.2

vendor:nport 5232model: - scope:eqversion:2.9

Trust: 0.2

vendor:nport 5210model: - scope:eqversion:2.9

Trust: 0.2

sources: IVD: 7d854242-463f-11e9-8fcc-000c29342cb1 // CNVD: CNVD-2018-14240 // BID: 104863 // JVNDB: JVNDB-2018-008458 // CNNVD: CNNVD-201807-1796 // NVD: CVE-2018-10632

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-10632
value: HIGH

Trust: 1.0

NVD: CVE-2018-10632
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-14240
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201807-1796
value: HIGH

Trust: 0.6

IVD: 7d854242-463f-11e9-8fcc-000c29342cb1
value: HIGH

Trust: 0.2

VULHUB: VHN-120411
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-10632
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-10632
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-14240
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 7d854242-463f-11e9-8fcc-000c29342cb1
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-120411
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-10632
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: IVD: 7d854242-463f-11e9-8fcc-000c29342cb1 // CNVD: CNVD-2018-14240 // VULHUB: VHN-120411 // VULMON: CVE-2018-10632 // JVNDB: JVNDB-2018-008458 // CNNVD: CNNVD-201807-1796 // NVD: CVE-2018-10632

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.9

sources: VULHUB: VHN-120411 // JVNDB: JVNDB-2018-008458 // NVD: CVE-2018-10632

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1796

TYPE

Resource management error

Trust: 0.8

sources: IVD: 7d854242-463f-11e9-8fcc-000c29342cb1 // CNNVD: CNNVD-201807-1796

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-008458

PATCH
title:Firmware for External Device Servers NPort 5200 Seriesurl:https://www.moxa.com/support/download.aspx?type=support&id=904
Trust: 0.8
title:Patches for Moxa's NPort 5210, 5230, and 5232 Denial of Service Vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/135787
Trust: 0.6
title:Moxa NPort 5210 , 5230  and 5232 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82590
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-14240 // 
            
            
            
            JVNDB: JVNDB-2018-008458 // 
            
            
            
            CNNVD: CNNVD-201807-1796

EXTERNAL IDS
db:NVDid:CVE-2018-10632
Trust: 3.7
db:ICS CERTid:ICSA-18-200-04
Trust: 2.9
db:BIDid:104863
Trust: 2.7
db:CNNVDid:CNNVD-201807-1796
Trust: 0.9
db:CNVDid:CNVD-2018-14240
Trust: 0.8
db:JVNDBid:JVNDB-2018-008458
Trust: 0.8
db:IVDid:7D854242-463F-11E9-8FCC-000C29342CB1
Trust: 0.2
db:SEEBUGid:SSVID-98931
Trust: 0.1
db:VULHUBid:VHN-120411
Trust: 0.1
db:VULMONid:CVE-2018-10632
Trust: 0.1
sources:
            
            
            IVD: 7d854242-463f-11e9-8fcc-000c29342cb1 // 
            
            
            
            CNVD: CNVD-2018-14240 // 
            
            
            
            VULHUB: VHN-120411 // 
            
            
            
            VULMON: CVE-2018-10632 // 
            
            
            
            BID: 104863 // 
            
            
            
            JVNDB: JVNDB-2018-008458 // 
            
            
            
            CNNVD: CNNVD-201807-1796 // 
            
            
            
            NVD: CVE-2018-10632

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-18-200-04
Trust: 3.0
url:http://www.securityfocus.com/bid/104863
Trust: 1.9
url:https://nvd.nist.gov/vuln/detail/cve-2018-10632
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10632
Trust: 0.8
url:https://www.moxa.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/400.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-14240 // 
            
            
            
            VULHUB: VHN-120411 // 
            
            
            
            VULMON: CVE-2018-10632 // 
            
            
            
            BID: 104863 // 
            
            
            
            JVNDB: JVNDB-2018-008458 // 
            
            
            
            CNNVD: CNNVD-201807-1796 // 
            
            
            
            NVD: CVE-2018-10632

CREDITS
Mikael Vingaard
Trust: 0.3
sources:
            
            
            BID: 104863

SOURCES
db:IVDid:7d854242-463f-11e9-8fcc-000c29342cb1
db:CNVDid:CNVD-2018-14240
db:VULHUBid:VHN-120411
db:VULMONid:CVE-2018-10632
db:BIDid:104863
db:JVNDBid:JVNDB-2018-008458
db:CNNVDid:CNNVD-201807-1796
db:NVDid:CVE-2018-10632

LAST UPDATE DATE
2024-11-23T22:17:26.979000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-14240date:2019-01-23T00:00:00
db:VULHUBid:VHN-120411date:2019-10-09T00:00:00
db:VULMONid:CVE-2018-10632date:2019-10-09T00:00:00
db:BIDid:104863date:2018-07-19T00:00:00
db:JVNDBid:JVNDB-2018-008458date:2018-10-18T00:00:00
db:CNNVDid:CNNVD-201807-1796date:2019-10-17T00:00:00
db:NVDid:CVE-2018-10632date:2024-11-21T03:41:42.167

SOURCES RELEASE DATE
db:IVDid:7d854242-463f-11e9-8fcc-000c29342cb1date:2018-07-31T00:00:00
db:CNVDid:CNVD-2018-14240date:2018-07-30T00:00:00
db:VULHUBid:VHN-120411date:2018-07-24T00:00:00
db:VULMONid:CVE-2018-10632date:2018-07-24T00:00:00
db:BIDid:104863date:2018-07-19T00:00:00
db:JVNDBid:JVNDB-2018-008458date:2018-10-18T00:00:00
db:CNNVDid:CNNVD-201807-1796date:2018-07-25T00:00:00
db:NVDid:CVE-2018-10632date:2018-07-24T17:29:00.307