Sign-up

ID

VAR-202003-0527


CVE

CVE-2019-9095


TITLE

plural Moxa MGate Inadequate protection of credentials on devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-014864

DESCRIPTION

An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker may be able to intercept weakly encrypted passwords and gain administrative access. plural Moxa MGate Devices contain vulnerabilities in insufficient protection of credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa MB3170/MB3270/MB3180/MB3280/MB3480/MB3660 series is an advanced Ethernet gateway device produced by Taiwan Moxa Technology Co., Ltd. Many Moxa products have weak encryption algorithm vulnerabilities that attackers can use to obtain sensitive information

Trust: 2.25

sources: NVD: CVE-2019-9095 // JVNDB: JVNDB-2019-014864 // CNVD: CNVD-2020-18363 // VULMON: CVE-2019-9095

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-18363

AFFECTED PRODUCTS

vendor:moxamodel:mb3180scope:lteversion:2.0

Trust: 1.0

vendor:moxamodel:mb3270scope:lteversion:4.0

Trust: 1.0

vendor:moxamodel:mb3170scope:lteversion:4.0

Trust: 1.0

vendor:moxamodel:mb3280scope:lteversion:3.0

Trust: 1.0

vendor:moxamodel:mb3660scope:lteversion:2.2

Trust: 1.0

vendor:moxamodel:mb3480scope:lteversion:3.0

Trust: 1.0

vendor:moxamodel:mgate mb3170scope:eqversion:4.1

Trust: 0.8

vendor:moxamodel:mgate mb3180scope:eqversion:2.1

Trust: 0.8

vendor:moxamodel:mgate mb3270scope:eqversion:4.1

Trust: 0.8

vendor:moxamodel:mgate mb3280scope:eqversion:3.1

Trust: 0.8

vendor:moxamodel:mgate mb3480scope:eqversion:3.1

Trust: 0.8

vendor:moxamodel:mgate mb3660scope:eqversion:2.3

Trust: 0.8

vendor:moxamodel:mb3180scope:lteversion:<=2.0

Trust: 0.6

vendor:moxamodel:mb3280scope:lteversion:<=3.0

Trust: 0.6

vendor:moxamodel:mb3480scope:lteversion:<=3.0

Trust: 0.6

vendor:moxamodel:mb3660scope:lteversion:<=2.2

Trust: 0.6

vendor:moxamodel:mb3170scope:lteversion:<=4.0

Trust: 0.6

vendor:moxamodel:mb3270scope:lteversion:<=4.0

Trust: 0.6

sources: CNVD: CNVD-2020-18363 // JVNDB: JVNDB-2019-014864 // NVD: CVE-2019-9095

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-9095
value: CRITICAL

Trust: 1.0

cve@mitre.org: CVE-2019-9095
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2019-014864
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-18363
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202002-1202
value: CRITICAL

Trust: 0.6

VULMON: CVE-2019-9095
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-9095
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2019-014864
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-18363
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-9095
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2019-9095
baseSeverity: MEDIUM
baseScore: 6.2
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.5
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: JVNDB-2019-014864
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-18363 // VULMON: CVE-2019-9095 // JVNDB: JVNDB-2019-014864 // CNNVD: CNNVD-202002-1202 // NVD: CVE-2019-9095 // NVD: CVE-2019-9095

PROBLEMTYPE DATA

problemtype:CWE-327

Trust: 1.0

problemtype:CWE-522

Trust: 0.8

sources: JVNDB: JVNDB-2019-014864 // NVD: CVE-2019-9095

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-1202

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202002-1202

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-014864

PATCH
title:MB3170/MB3180/MB3270/MB3280/MB3480/MB3660 Series Protocol Gateways Vulnerabilitiesurl:https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities
Trust: 0.8
title:Patch for Multiple Moxa products weak encryption algorithm vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/209827
Trust: 0.6
title:Multiple Moxa Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111711
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-18363 // 
            
            
            
            JVNDB: JVNDB-2019-014864 // 
            
            
            
            CNNVD: CNNVD-202002-1202

EXTERNAL IDS
db:ICS CERTid:ICSA-20-056-01
Trust: 3.1
db:NVDid:CVE-2019-9095
Trust: 3.1
db:JVNDBid:JVNDB-2019-014864
Trust: 0.8
db:CNVDid:CNVD-2020-18363
Trust: 0.6
db:AUSCERTid:ESB-2020.0720
Trust: 0.6
db:CNNVDid:CNNVD-202002-1202
Trust: 0.6
db:VULMONid:CVE-2019-9095
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-18363 // 
            
            
            
            VULMON: CVE-2019-9095 // 
            
            
            
            JVNDB: JVNDB-2019-014864 // 
            
            
            
            CNNVD: CNNVD-202002-1202 // 
            
            
            
            NVD: CVE-2019-9095

REFERENCES
url:https://www.us-cert.gov/ics/advisories/icsa-20-056-01
Trust: 3.7
url:https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-9095
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9095
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.0720/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/327.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-18363 // 
            
            
            
            VULMON: CVE-2019-9095 // 
            
            
            
            JVNDB: JVNDB-2019-014864 // 
            
            
            
            CNNVD: CNNVD-202002-1202 // 
            
            
            
            NVD: CVE-2019-9095

CREDITS
Ilya Karpov and Evgeniy Druzhinin from Rostelecom-Solar, and Maxim Kozhevnikov from Positive Technologies
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202002-1202

SOURCES
db:CNVDid:CNVD-2020-18363
db:VULMONid:CVE-2019-9095
db:JVNDBid:JVNDB-2019-014864
db:CNNVDid:CNNVD-202002-1202
db:NVDid:CVE-2019-9095

LAST UPDATE DATE
2024-11-23T21:36:03.689000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-18363date:2020-03-20T00:00:00
db:VULMONid:CVE-2019-9095date:2021-07-21T00:00:00
db:JVNDBid:JVNDB-2019-014864date:2020-03-24T00:00:00
db:CNNVDid:CNNVD-202002-1202date:2020-03-13T00:00:00
db:NVDid:CVE-2019-9095date:2024-11-21T04:50:58.117

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-18363date:2020-03-20T00:00:00
db:VULMONid:CVE-2019-9095date:2020-03-11T00:00:00
db:JVNDBid:JVNDB-2019-014864date:2020-03-24T00:00:00
db:CNNVDid:CNNVD-202002-1202date:2020-02-25T00:00:00
db:NVDid:CVE-2019-9095date:2020-03-11T15:15:16.467