Sign-up

ID

VAR-202003-0532


CVE

CVE-2019-9101


TITLE

plural Moxa MGate Vulnerability in plaintext transmission of critical information on devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-014860

DESCRIPTION

An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Sensitive information is sent to the web server in cleartext, which may allow an attacker to discover the credentials if they are able to observe traffic between the web browser and the server. plural Moxa MGate The device contains a vulnerability in the transmission of important information in clear text.Information may be obtained. Moxa MB3170/MB3270/MB3180/MB3280/MB3480/MB3660 series is an advanced Ethernet gateway device produced by Taiwan Moxa Technology Co., Ltd

Trust: 2.16

sources: NVD: CVE-2019-9101 // JVNDB: JVNDB-2019-014860 // CNVD: CNVD-2020-18365

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-18365

AFFECTED PRODUCTS

vendor:moxamodel:mb3180scope:lteversion:2.0

Trust: 1.0

vendor:moxamodel:mb3270scope:lteversion:4.0

Trust: 1.0

vendor:moxamodel:mb3170scope:lteversion:4.0

Trust: 1.0

vendor:moxamodel:mb3280scope:lteversion:3.0

Trust: 1.0

vendor:moxamodel:mb3660scope:lteversion:2.2

Trust: 1.0

vendor:moxamodel:mb3480scope:lteversion:3.0

Trust: 1.0

vendor:moxamodel:mgate mb3170scope:eqversion:4.1

Trust: 0.8

vendor:moxamodel:mgate mb3180scope:eqversion:2.1

Trust: 0.8

vendor:moxamodel:mgate mb3270scope:eqversion:4.1

Trust: 0.8

vendor:moxamodel:mgate mb3280scope:eqversion:3.1

Trust: 0.8

vendor:moxamodel:mgate mb3480scope:eqversion:3.1

Trust: 0.8

vendor:moxamodel:mgate mb3660scope:eqversion:2.3

Trust: 0.8

vendor:moxamodel:mb3180scope:lteversion:<=2.0

Trust: 0.6

vendor:moxamodel:mb3280scope:lteversion:<=3.0

Trust: 0.6

vendor:moxamodel:mb3480scope:lteversion:<=3.0

Trust: 0.6

vendor:moxamodel:mb3660scope:lteversion:<=2.2

Trust: 0.6

vendor:moxamodel:mb3170scope:lteversion:<=4.0

Trust: 0.6

vendor:moxamodel:mb3270scope:lteversion:<=4.0

Trust: 0.6

sources: CNVD: CNVD-2020-18365 // JVNDB: JVNDB-2019-014860 // NVD: CVE-2019-9101

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-9101
value: HIGH

Trust: 1.0

cve@mitre.org: CVE-2019-9101
value: HIGH

Trust: 1.0

NVD: JVNDB-2019-014860
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-18365
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202002-1197
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-9101
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-014860
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-18365
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-9101
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2019-9101
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2019-014860
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-18365 // JVNDB: JVNDB-2019-014860 // CNNVD: CNNVD-202002-1197 // NVD: CVE-2019-9101 // NVD: CVE-2019-9101

PROBLEMTYPE DATA

problemtype:CWE-319

Trust: 1.8

sources: JVNDB: JVNDB-2019-014860 // NVD: CVE-2019-9101

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-1197

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202002-1197

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-014860

PATCH
title:MB3170/MB3180/MB3270/MB3280/MB3480/MB3660 Series Protocol Gateways Vulnerabilitiesurl:https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities
Trust: 0.8
title:Patch for Multiple Moxa product plaintext transmission vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/209839
Trust: 0.6
title:Multiple Moxa Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111952
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-18365 // 
            
            
            
            JVNDB: JVNDB-2019-014860 // 
            
            
            
            CNNVD: CNNVD-202002-1197

EXTERNAL IDS
db:ICS CERTid:ICSA-20-056-01
Trust: 3.0
db:NVDid:CVE-2019-9101
Trust: 3.0
db:JVNDBid:JVNDB-2019-014860
Trust: 0.8
db:CNVDid:CNVD-2020-18365
Trust: 0.6
db:AUSCERTid:ESB-2020.0720
Trust: 0.6
db:CNNVDid:CNNVD-202002-1197
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-18365 // 
            
            
            
            JVNDB: JVNDB-2019-014860 // 
            
            
            
            CNNVD: CNNVD-202002-1197 // 
            
            
            
            NVD: CVE-2019-9101

REFERENCES
url:https://www.us-cert.gov/ics/advisories/icsa-20-056-01
Trust: 3.6
url:https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2019-9101
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9101
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.0720/
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-18365 // 
            
            
            
            JVNDB: JVNDB-2019-014860 // 
            
            
            
            CNNVD: CNNVD-202002-1197 // 
            
            
            
            NVD: CVE-2019-9101

CREDITS
Ilya Karpov and Evgeniy Druzhinin from Rostelecom-Solar, and Maxim Kozhevnikov from Positive Technologies
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202002-1197

SOURCES
db:CNVDid:CNVD-2020-18365
db:JVNDBid:JVNDB-2019-014860
db:CNNVDid:CNNVD-202002-1197
db:NVDid:CVE-2019-9101

LAST UPDATE DATE
2024-11-23T21:36:03.661000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-18365date:2020-03-20T00:00:00
db:JVNDBid:JVNDB-2019-014860date:2020-03-24T00:00:00
db:CNNVDid:CNNVD-202002-1197date:2020-05-15T00:00:00
db:NVDid:CVE-2019-9101date:2024-11-21T04:50:58.910

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-18365date:2020-03-20T00:00:00
db:JVNDBid:JVNDB-2019-014860date:2020-03-24T00:00:00
db:CNNVDid:CNNVD-202002-1197date:2020-02-25T00:00:00
db:NVDid:CVE-2019-9101date:2020-03-11T15:15:16.980