Sign-up

ID

VAR-201903-0639


CVE

CVE-2016-5819


TITLE

plural Moxa Product cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-009322

DESCRIPTION

Moxa G3100V2 Series, editions prior to Version 2.8, and OnCell G3111/G3151/G3211/G3251 Series, editions prior to Version 1.7 allows a reflected cross-site scripting attack which may allow an attacker to execute arbitrary script code in the user’s browser within the trust relationship between their browser and the server. plural Moxa The product contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. MoxaOnCellG3100 and others are IP gateway products of Moxa

Trust: 2.16

sources: NVD: CVE-2016-5819 // JVNDB: JVNDB-2016-009322 // CNVD: CNVD-2016-07360

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-07360

AFFECTED PRODUCTS

vendor:moxamodel:oncell g3111scope:ltversion:1.7

Trust: 1.6

vendor:moxamodel:oncell g3151scope:ltversion:1.7

Trust: 1.6

vendor:moxamodel:oncell g3211scope:ltversion:1.7

Trust: 1.6

vendor:moxamodel:oncell g3251scope:ltversion:1.7

Trust: 1.6

vendor:moxamodel:oncell g3100v2scope:ltversion:2.8

Trust: 1.0

vendor:moxamodel:oncell g3100v2 seriesscope:ltversion:2.8

Trust: 0.8

vendor:moxamodel:oncell g3111 seriesscope:ltversion:1.7

Trust: 0.8

vendor:moxamodel:oncell g3151 seriesscope:ltversion:1.7

Trust: 0.8

vendor:moxamodel:oncell g3211 seriesscope:ltversion:1.7

Trust: 0.8

vendor:moxamodel:oncell g3251 seriesscope:ltversion:1.7

Trust: 0.8

vendor:moxamodel:oncell g3100v2scope:lteversion:<=2.28

Trust: 0.6

sources: CNVD: CNVD-2016-07360 // JVNDB: JVNDB-2016-009322 // NVD: CVE-2016-5819

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-5819
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-5819
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-07360
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201609-053
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2016-5819
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-07360
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2016-5819
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-07360 // JVNDB: JVNDB-2016-009322 // CNNVD: CNNVD-201609-053 // NVD: CVE-2016-5819

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2016-009322 // NVD: CVE-2016-5819

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201609-053

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201609-053

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-009322

PATCH
title:Top Pageurl:https://www.moxa.com/en/
Trust: 0.8
title:Patches for multiple Moxa product cross-site scripting vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/81211
Trust: 0.6
title:Multiple Moxa Fixes for product cross-site scripting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63882
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-07360 // 
            
            
            
            JVNDB: JVNDB-2016-009322 // 
            
            
            
            CNNVD: CNNVD-201609-053

EXTERNAL IDS
db:ICS CERTid:ICSA-16-236-01
Trust: 3.0
db:NVDid:CVE-2016-5819
Trust: 3.0
db:JVNDBid:JVNDB-2016-009322
Trust: 0.8
db:CNVDid:CNVD-2016-07360
Trust: 0.6
db:CNNVDid:CNNVD-201609-053
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-07360 // 
            
            
            
            JVNDB: JVNDB-2016-009322 // 
            
            
            
            CNNVD: CNNVD-201609-053 // 
            
            
            
            NVD: CVE-2016-5819

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-16-236-01
Trust: 3.0
url:https://nvd.nist.gov/vuln/detail/cve-2016-5819
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5819
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2016-07360 // 
            
            
            
            JVNDB: JVNDB-2016-009322 // 
            
            
            
            CNNVD: CNNVD-201609-053 // 
            
            
            
            NVD: CVE-2016-5819

SOURCES
db:CNVDid:CNVD-2016-07360
db:JVNDBid:JVNDB-2016-009322
db:CNNVDid:CNNVD-201609-053
db:NVDid:CVE-2016-5819

LAST UPDATE DATE
2024-11-23T21:54:29.515000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-07360date:2016-09-08T00:00:00
db:JVNDBid:JVNDB-2016-009322date:2019-05-08T00:00:00
db:CNNVDid:CNNVD-201609-053date:2020-06-09T00:00:00
db:NVDid:CVE-2016-5819date:2024-11-21T02:55:04.173

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-07360date:2016-09-08T00:00:00
db:JVNDBid:JVNDB-2016-009322date:2019-05-08T00:00:00
db:CNNVDid:CNNVD-201609-053date:2016-08-30T00:00:00
db:NVDid:CVE-2016-5819date:2019-03-21T15:59:41.420