Details of VAR-201903-0640

ID

VAR-201903-0640

CVE

CVE-2015-6457

TITLE

Moxa SoftCMS Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2015-008239 // CNNVD: CNNVD-201509-137

DESCRIPTION

Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability. Moxa SoftCMS Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the setConfigPath method of the IPCam.IPCam_Video_Render_Plugin.1 control. The implementation copies the user-supplied string to a field in a heap-based buffer without validating its size, which can lead to a heap buffer overflow. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Moxa SoftCMS is a central management software for managing large surveillance systems. Moxa SoftCMS is prone to multiple unspecified buffer-overflow vulnerabilities because it fails to properly bounds-check user supplied input. The software supports real-time video monitoring, video playback and event management, etc. The vulnerability stems from the fact that the program does not fully verify the 'strIP' parameter and the 'strUserName' parameter in the setUserInfoData method of the VLCPlugin control, and the input of the Open3 method in the RTSPVIDEO.rtspvideoCtrl.1 control. Strings, input strings for multiple methods (AudioRecord, Open, and Open2) in the RTSPVIDEO ActiveX control, input strings for multiple methods (setRecordPrefix, setStreamRecordData, and setConfigPath) in the IPCam.IPCamVideoRender_Plugin.1 control

Trust: 7.56

sources: NVD: CVE-2015-6457 // JVNDB: JVNDB-2015-008239 // ZDI: ZDI-15-437 // ZDI: ZDI-15-436 // ZDI: ZDI-15-431 // ZDI: ZDI-15-432 // ZDI: ZDI-15-435 // ZDI: ZDI-15-430 // ZDI: ZDI-15-429 // ZDI: ZDI-15-434 // CNVD: CNVD-2015-05787 // BID: 76509 // VULHUB: VHN-84418

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-05787

AFFECTED PRODUCTS

vendor:	moxa	model:	softcms	scope:	-	version:	-	Trust: 5.6
vendor:	moxa	model:	softcms	scope:	lte	version:	1.3	Trust: 1.8
vendor:	moxa	model:	softcms	scope:	lte	version:	<=1.3	Trust: 0.6

sources: ZDI: ZDI-15-437 // ZDI: ZDI-15-436 // ZDI: ZDI-15-431 // ZDI: ZDI-15-432 // ZDI: ZDI-15-435 // ZDI: ZDI-15-430 // ZDI: ZDI-15-429 // ZDI: ZDI-15-434 // CNVD: CNVD-2015-05787 // JVNDB: JVNDB-2015-008239 // NVD: CVE-2015-6457

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2015-6457
value:	MEDIUM
Trust: 5.6
nvd@nist.gov:	CVE-2015-6457
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-6457
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2015-05787
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201509-137
value:	HIGH
Trust: 0.6
VULHUB:	VHN-84418
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-6457
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 7.4
CNVD:	CNVD-2015-05787
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-84418
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2015-6457
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: ZDI: ZDI-15-437 // ZDI: ZDI-15-436 // ZDI: ZDI-15-431 // ZDI: ZDI-15-432 // ZDI: ZDI-15-435 // ZDI: ZDI-15-430 // ZDI: ZDI-15-429 // ZDI: ZDI-15-434 // CNVD: CNVD-2015-05787 // VULHUB: VHN-84418 // JVNDB: JVNDB-2015-008239 // CNNVD: CNNVD-201509-137 // NVD: CVE-2015-6457

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.9
problemtype:	CWE-122	Trust: 1.0

sources: VULHUB: VHN-84418 // JVNDB: JVNDB-2015-008239 // NVD: CVE-2015-6457

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201509-137

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201509-137

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-008239

PATCH

title:	Moxa has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-15-239-01	Trust: 5.6
title:	Top Page	url:	https://www.moxa.com/en/	Trust: 0.8
title:	Patch for Moxa SoftCMS Buffer Overflow Vulnerability (CNVD-2015-05787)	url:	https://www.cnvd.org.cn/patchInfo/show/63512	Trust: 0.6

EXTERNAL IDS

db:	NVD	id:	CVE-2015-6457	Trust: 9.0
db:	ICS CERT	id:	ICSA-15-239-01	Trust: 3.4
db:	ZDI	id:	ZDI-15-437	Trust: 1.0
db:	ZDI	id:	ZDI-15-436	Trust: 1.0
db:	ZDI	id:	ZDI-15-431	Trust: 1.0
db:	ZDI	id:	ZDI-15-432	Trust: 1.0
db:	ZDI	id:	ZDI-15-435	Trust: 1.0
db:	ZDI	id:	ZDI-15-430	Trust: 1.0
db:	ZDI	id:	ZDI-15-429	Trust: 1.0
db:	ZDI	id:	ZDI-15-434	Trust: 1.0
db:	JVNDB	id:	JVNDB-2015-008239	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-2999	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3000	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-2955	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-2950	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-2954	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-2956	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-2953	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-2951	Trust: 0.7
db:	CNNVD	id:	CNNVD-201509-137	Trust: 0.7
db:	CNVD	id:	CNVD-2015-05787	Trust: 0.6
db:	ZDI	id:	ZDI-15-433	Trust: 0.3
db:	BID	id:	76509	Trust: 0.3
db:	VULHUB	id:	VHN-84418	Trust: 0.1

sources: ZDI: ZDI-15-437 // ZDI: ZDI-15-436 // ZDI: ZDI-15-431 // ZDI: ZDI-15-432 // ZDI: ZDI-15-435 // ZDI: ZDI-15-430 // ZDI: ZDI-15-429 // ZDI: ZDI-15-434 // CNVD: CNVD-2015-05787 // VULHUB: VHN-84418 // BID: 76509 // JVNDB: JVNDB-2015-008239 // CNNVD: CNNVD-201509-137 // NVD: CVE-2015-6457

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-15-239-01	Trust: 9.0
url:	https://nvd.nist.gov/vuln/detail/cve-2015-6457	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6457	Trust: 0.8
url:	http://www.moxa.com/product/softcms.htm	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-15-429/	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-15-430/	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-15-431/	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-15-432/	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-15-434/	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-15-435/	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-15-436/	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-15-437/	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-15-433/	Trust: 0.3

sources: ZDI: ZDI-15-437 // ZDI: ZDI-15-436 // ZDI: ZDI-15-431 // ZDI: ZDI-15-432 // ZDI: ZDI-15-435 // ZDI: ZDI-15-430 // ZDI: ZDI-15-429 // ZDI: ZDI-15-434 // CNVD: CNVD-2015-05787 // VULHUB: VHN-84418 // BID: 76509 // JVNDB: JVNDB-2015-008239 // CNNVD: CNNVD-201509-137 // NVD: CVE-2015-6457

CREDITS

Carsten Eiram - Risk Based Security

Trust: 4.8

sources: ZDI: ZDI-15-431 // ZDI: ZDI-15-432 // ZDI: ZDI-15-435 // ZDI: ZDI-15-430 // ZDI: ZDI-15-429 // ZDI: ZDI-15-434 // CNNVD: CNNVD-201509-137

SOURCES

db:	ZDI	id:	ZDI-15-437
db:	ZDI	id:	ZDI-15-436
db:	ZDI	id:	ZDI-15-431
db:	ZDI	id:	ZDI-15-432
db:	ZDI	id:	ZDI-15-435
db:	ZDI	id:	ZDI-15-430
db:	ZDI	id:	ZDI-15-429
db:	ZDI	id:	ZDI-15-434
db:	CNVD	id:	CNVD-2015-05787
db:	VULHUB	id:	VHN-84418
db:	BID	id:	76509
db:	JVNDB	id:	JVNDB-2015-008239
db:	CNNVD	id:	CNNVD-201509-137
db:	NVD	id:	CVE-2015-6457

LAST UPDATE DATE

2024-11-23T21:52:27.109000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-15-437	date:	2015-09-08T00:00:00
db:	ZDI	id:	ZDI-15-436	date:	2015-09-08T00:00:00
db:	ZDI	id:	ZDI-15-431	date:	2015-09-08T00:00:00
db:	ZDI	id:	ZDI-15-432	date:	2015-09-08T00:00:00
db:	ZDI	id:	ZDI-15-435	date:	2015-09-08T00:00:00
db:	ZDI	id:	ZDI-15-430	date:	2015-09-08T00:00:00
db:	ZDI	id:	ZDI-15-429	date:	2015-09-08T00:00:00
db:	ZDI	id:	ZDI-15-434	date:	2015-09-08T00:00:00
db:	CNVD	id:	CNVD-2015-05787	date:	2015-09-06T00:00:00
db:	VULHUB	id:	VHN-84418	date:	2019-10-09T00:00:00
db:	BID	id:	76509	date:	2015-11-03T19:14:00
db:	JVNDB	id:	JVNDB-2015-008239	date:	2019-04-22T00:00:00
db:	CNNVD	id:	CNNVD-201509-137	date:	2019-04-01T00:00:00
db:	NVD	id:	CVE-2015-6457	date:	2024-11-21T02:35:00.140

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-15-437	date:	2015-09-08T00:00:00
db:	ZDI	id:	ZDI-15-436	date:	2015-09-08T00:00:00
db:	ZDI	id:	ZDI-15-431	date:	2015-09-08T00:00:00
db:	ZDI	id:	ZDI-15-432	date:	2015-09-08T00:00:00
db:	ZDI	id:	ZDI-15-435	date:	2015-09-08T00:00:00
db:	ZDI	id:	ZDI-15-430	date:	2015-09-08T00:00:00
db:	ZDI	id:	ZDI-15-429	date:	2015-09-08T00:00:00
db:	ZDI	id:	ZDI-15-434	date:	2015-09-08T00:00:00
db:	CNVD	id:	CNVD-2015-05787	date:	2015-09-06T00:00:00
db:	VULHUB	id:	VHN-84418	date:	2019-03-21T00:00:00
db:	BID	id:	76509	date:	2015-08-27T00:00:00
db:	JVNDB	id:	JVNDB-2015-008239	date:	2019-04-22T00:00:00
db:	CNNVD	id:	CNNVD-201509-137	date:	2015-09-10T00:00:00
db:	NVD	id:	CVE-2015-6457	date:	2019-03-21T20:29:00.250