Details of VAR-202003-0530

ID

VAR-202003-0530

CVE

CVE-2019-9098

TITLE

plural Moxa MGate Integer overflow vulnerability in device

Trust: 0.8

sources: JVNDB: JVNDB-2019-014922

DESCRIPTION

An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An Integer overflow in the built-in web server allows remote attackers to initiate DoS. plural Moxa MGate The device is vulnerable to integer overflow.Service operation interruption (DoS) It may be put into a state. Moxa MB3170/MB3270/MB3180/MB3280/MB3480/MB3660 series is an advanced Ethernet gateway device produced by Taiwan Moxa Technology Co., Ltd

Trust: 2.16

sources: NVD: CVE-2019-9098 // JVNDB: JVNDB-2019-014922 // CNVD: CNVD-2020-18367

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-18367

AFFECTED PRODUCTS

vendor:	moxa	model:	mb3180	scope:	lte	version:	2.0	Trust: 1.0
vendor:	moxa	model:	mb3270	scope:	lte	version:	4.0	Trust: 1.0
vendor:	moxa	model:	mb3170	scope:	lte	version:	4.0	Trust: 1.0
vendor:	moxa	model:	mb3280	scope:	lte	version:	3.0	Trust: 1.0
vendor:	moxa	model:	mb3660	scope:	lte	version:	2.2	Trust: 1.0
vendor:	moxa	model:	mb3480	scope:	lte	version:	3.0	Trust: 1.0
vendor:	moxa	model:	mgate mb3170	scope:	eq	version:	4.1	Trust: 0.8
vendor:	moxa	model:	mgate mb3180	scope:	eq	version:	2.1	Trust: 0.8
vendor:	moxa	model:	mgate mb3270	scope:	eq	version:	4.1	Trust: 0.8
vendor:	moxa	model:	mgate mb3280	scope:	eq	version:	3.1	Trust: 0.8
vendor:	moxa	model:	mgate mb3480	scope:	eq	version:	3.1	Trust: 0.8
vendor:	moxa	model:	mgate mb3660	scope:	eq	version:	2.3	Trust: 0.8
vendor:	moxa	model:	mb3180	scope:	lte	version:	<=2.0	Trust: 0.6
vendor:	moxa	model:	mb3280	scope:	lte	version:	<=3.0	Trust: 0.6
vendor:	moxa	model:	mb3480	scope:	lte	version:	<=3.0	Trust: 0.6
vendor:	moxa	model:	mb3660	scope:	lte	version:	<=2.2	Trust: 0.6
vendor:	moxa	model:	mb3170	scope:	lte	version:	<=4.0	Trust: 0.6
vendor:	moxa	model:	mb3270	scope:	lte	version:	<=4.0	Trust: 0.6

sources: CNVD: CNVD-2020-18367 // JVNDB: JVNDB-2019-014922 // NVD: CVE-2019-9098

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-9098
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2019-9098
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2019-014922
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-18367
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202002-1210
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2019-9098
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2019-014922
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-18367
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-9098
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2019-9098
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.0
NVD:	JVNDB-2019-014922
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-18367 // JVNDB: JVNDB-2019-014922 // CNNVD: CNNVD-202002-1210 // NVD: CVE-2019-9098 // NVD: CVE-2019-9098

PROBLEMTYPE DATA

problemtype:

CWE-190

Trust: 1.8

sources: JVNDB: JVNDB-2019-014922 // NVD: CVE-2019-9098

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-1210

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202002-1210

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014922

PATCH

title:	MB3170/MB3180/MB3270/MB3280/MB3480/MB3660 Series Protocol Gateways Vulnerabilities	url:	https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities	Trust: 0.8
title:	Patch for Multiple Moxa product integer overflow vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/209795	Trust: 0.6
title:	Multiple Moxa Product input verification error vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112471	Trust: 0.6

sources: CNVD: CNVD-2020-18367 // JVNDB: JVNDB-2019-014922 // CNNVD: CNNVD-202002-1210

EXTERNAL IDS

db:	ICS CERT	id:	ICSA-20-056-01	Trust: 3.0
db:	NVD	id:	CVE-2019-9098	Trust: 3.0
db:	JVNDB	id:	JVNDB-2019-014922	Trust: 0.8
db:	CNVD	id:	CNVD-2020-18367	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0720	Trust: 0.6
db:	CNNVD	id:	CNNVD-202002-1210	Trust: 0.6

sources: CNVD: CNVD-2020-18367 // JVNDB: JVNDB-2019-014922 // CNNVD: CNNVD-202002-1210 // NVD: CVE-2019-9098

REFERENCES

url:	https://www.us-cert.gov/ics/advisories/icsa-20-056-01	Trust: 3.6
url:	https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9098	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9098	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.0720/	Trust: 0.6

sources: CNVD: CNVD-2020-18367 // JVNDB: JVNDB-2019-014922 // CNNVD: CNNVD-202002-1210 // NVD: CVE-2019-9098

CREDITS

Ilya Karpov and Evgeniy Druzhinin from Rostelecom-Solar, and Maxim Kozhevnikov from Positive Technologies

Trust: 0.6

sources: CNNVD: CNNVD-202002-1210

SOURCES

db:	CNVD	id:	CNVD-2020-18367
db:	JVNDB	id:	JVNDB-2019-014922
db:	CNNVD	id:	CNNVD-202002-1210
db:	NVD	id:	CVE-2019-9098

LAST UPDATE DATE

2024-11-23T21:36:03.605000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-18367	date:	2020-03-20T00:00:00
db:	JVNDB	id:	JVNDB-2019-014922	date:	2020-03-30T00:00:00
db:	CNNVD	id:	CNNVD-202002-1210	date:	2020-03-18T00:00:00
db:	NVD	id:	CVE-2019-9098	date:	2024-11-21T04:50:58.600

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-18367	date:	2020-03-20T00:00:00
db:	JVNDB	id:	JVNDB-2019-014922	date:	2020-03-30T00:00:00
db:	CNNVD	id:	CNNVD-202002-1210	date:	2020-02-25T00:00:00
db:	NVD	id:	CVE-2019-9098	date:	2020-03-11T15:15:16.827