Vulnerability-Lookup

CVE-2016-9346 (GCVE-0-2016-9346)

Vulnerability from cvelistv5 – Published: 2017-02-13 21:00 – Updated: 2024-08-06 02:50

Summary

An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted.

Severity ?

No CVSS data available.

CWE

Moxa MiiNePort Configuration data not encrypted

Assigner

icscert

References

URL

	Vendor	Product	Version
	n/a	Moxa MiiNePort	Affected: Moxa MiiNePort

VAR-201702-0849

Vulnerability from variot - Updated: 2025-04-20 23:26

An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted. Moxa MiiNePort is an embedded device networking module designed by Moxa for manufacturers to connect serial devices to the network.

An information disclosure vulnerability exists in Moxa MiiNePort, which originated from the program's failure to encrypt configuration data in files. An attacker could use this vulnerability to gain access to the target system. Multiple Moxa MiiNePort products are prone to an information-disclosure vulnerability and a security-bypass vulnerability. Successful attacks can allow an attacker to obtain sensitive information or bypass certain security restrictions

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201702-0849",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "miineport e2",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "1.3"
      },
      {
        "model": "miineport e3",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "1.0"
      },
      {
        "model": "miineport e1",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "1.7"
      },
      {
        "model": "miineport e3",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "moxa",
        "version": "1.0"
      },
      {
        "model": "miineport e1",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "miineport e1",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "moxa",
        "version": "1.8"
      },
      {
        "model": "miineport e2",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "miineport e2",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "moxa",
        "version": "1.4"
      },
      {
        "model": "miineport e3",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "miineport e3",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "moxa",
        "version": "1.1"
      },
      {
        "model": "miineport",
        "scope": null,
        "trust": 0.6,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "miineport e2",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "1.3"
      },
      {
        "model": "miineport e1",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "1.7"
      },
      {
        "model": "miineport e2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "1.0"
      },
      {
        "model": "miineport e1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "1.0"
      },
      {
        "model": "miineport e3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "1.1"
      },
      {
        "model": "miineport e2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "1.4"
      },
      {
        "model": "miineport e1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "1.8"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-12353"
      },
      {
        "db": "BID",
        "id": "94783"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007684"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-234"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9346"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:moxa:miineport_e1",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:moxa:miineport_e1_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:moxa:miineport_e2",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:moxa:miineport_e2_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:moxa:miineport_e3",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:moxa:miineport_e3_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007684"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Aditya Sood",
    "sources": [
      {
        "db": "BID",
        "id": "94783"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-9346",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2016-9346",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2016-12353",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-98166",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "id": "CVE-2016-9346",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-9346",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-9346",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-12353",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201612-234",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-98166",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-12353"
      },
      {
        "db": "VULHUB",
        "id": "VHN-98166"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007684"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-234"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9346"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted. Moxa MiiNePort is an embedded device networking module designed by Moxa for manufacturers to connect serial devices to the network. \n\nAn information disclosure vulnerability exists in Moxa MiiNePort, which originated from the program\u0027s failure to encrypt configuration data in files. An attacker could use this vulnerability to gain access to the target system. Multiple Moxa MiiNePort products are prone to an information-disclosure vulnerability and a security-bypass vulnerability. \nSuccessful attacks can allow an attacker to obtain sensitive information or bypass certain security restrictions",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-9346"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007684"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-12353"
      },
      {
        "db": "BID",
        "id": "94783"
      },
      {
        "db": "VULHUB",
        "id": "VHN-98166"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-9346",
        "trust": 3.4
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-16-343-01",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "94783",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007684",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-234",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-12353",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-98166",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-12353"
      },
      {
        "db": "VULHUB",
        "id": "VHN-98166"
      },
      {
        "db": "BID",
        "id": "94783"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007684"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-234"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9346"
      }
    ]
  },
  "id": "VAR-201702-0849",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-12353"
      },
      {
        "db": "VULHUB",
        "id": "VHN-98166"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-12353"
      }
    ]
  },
  "last_update_date": "2025-04-20T23:26:13.332000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "\u30b7\u30ea\u30a2\u30eb\u2212\u30a4\u30fc\u30b5\u30cd\u30c3\u30c8\u30fb\u30e2\u30b8\u30e5\u30fc\u30eb",
        "trust": 0.8,
        "url": "http://japan.moxa.com/product/Serial_to_Ethernet_embedded_Device_server.htm"
      },
      {
        "title": "Patch for Moxa MiiNePort Information Disclosure Vulnerability (CNVD-2016-12353)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/85875"
      },
      {
        "title": "Moxa MiiNePort Repair measures for session hijacking vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66271"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-12353"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007684"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-234"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-310",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-98166"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007684"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9346"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-343-01"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/94783"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9346"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9346"
      },
      {
        "trust": 0.3,
        "url": "http://www.moxa.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-12353"
      },
      {
        "db": "VULHUB",
        "id": "VHN-98166"
      },
      {
        "db": "BID",
        "id": "94783"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007684"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-234"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9346"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-12353"
      },
      {
        "db": "VULHUB",
        "id": "VHN-98166"
      },
      {
        "db": "BID",
        "id": "94783"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007684"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-234"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9346"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-12-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-12353"
      },
      {
        "date": "2017-02-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-98166"
      },
      {
        "date": "2016-12-08T00:00:00",
        "db": "BID",
        "id": "94783"
      },
      {
        "date": "2017-03-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-007684"
      },
      {
        "date": "2016-12-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201612-234"
      },
      {
        "date": "2017-02-13T21:59:01.800000",
        "db": "NVD",
        "id": "CVE-2016-9346"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-12-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-12353"
      },
      {
        "date": "2017-02-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-98166"
      },
      {
        "date": "2016-12-20T01:08:00",
        "db": "BID",
        "id": "94783"
      },
      {
        "date": "2017-03-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-007684"
      },
      {
        "date": "2016-12-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201612-234"
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2016-9346"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-234"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Moxa MiiNePort Product vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007684"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-234"
      }
    ],
    "trust": 0.6
  }
}

GSD-2016-9346

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted.

Aliases

CVE-2016-9346

Aliases

CVE-2016-9346

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-9346",
    "description": "An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted.",
    "id": "GSD-2016-9346"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-9346"
      ],
      "details": "An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted.",
      "id": "GSD-2016-9346",
      "modified": "2023-12-13T01:21:21.950005Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "ID": "CVE-2016-9346",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Moxa MiiNePort",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Moxa MiiNePort"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Moxa MiiNePort Configuration data not encrypted"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01"
          },
          {
            "name": "94783",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/94783"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:miineport_e1_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.7",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:miineport_e2_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.3",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:miineport_e3_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:moxa:miineport_e2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:moxa:miineport_e1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:moxa:miineport_e3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2016-9346"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-310"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01"
            },
            {
              "name": "94783",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/94783"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2017-02-23T19:44Z",
      "publishedDate": "2017-02-13T21:59Z"
    }
  }
}

FKIE_CVE-2016-9346

Vulnerability from fkie_nvd - Published: 2017-02-13 21:59 - Updated: 2025-04-20 01:37

Severity ?

5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted.

References

URL	Tags
ics-cert@hq.dhs.gov	http://www.securityfocus.com/bid/94783	Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov	https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/94783	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01	Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
moxa	miineport_e1_firmware	*
moxa	miineport_e2_firmware	*
moxa	miineport_e3_firmware	*
moxa	miineport_e1	-
moxa	miineport_e2	-
moxa	miineport_e3	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:miineport_e1_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5768CC53-4855-45C6-9FD0-C3603B2FBA7C",
              "versionEndIncluding": "1.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:moxa:miineport_e2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E099C55B-0E6B-448E-A524-7D405261DC88",
              "versionEndIncluding": "1.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:moxa:miineport_e3_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD73B290-2AB0-4AAB-B9D6-E655181C88D0",
              "versionEndIncluding": "1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:miineport_e1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "08E72C6A-A107-4EB6-9692-C769DE9EEA17",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:moxa:miineport_e2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AACCDD37-C2D0-473A-ACE5-2B1246BF4712",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:moxa:miineport_e3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0017FB3-ADDC-477E-B4CD-4BFF1977CED0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted."
    },
    {
      "lang": "es",
      "value": "Ha sido descubierto un problema en Moxa MiiNePort E1 versiones anteriores a 1.8, E2 versiones anteriores a 1.4 y E3 versiones anteriores a 1.1. Los datos de configuraci\u00f3n son almacenados en un archivo que no est\u00e1 cifrado."
    }
  ],
  "id": "CVE-2016-9346",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-13T21:59:01.800",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94783"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94783"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-2J26-X5FV-JR5F

Vulnerability from github – Published: 2022-05-17 02:57 – Updated: 2022-05-17 02:57

Details

An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted.

Severity ?

5.3 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-9346"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-02-13T21:59:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted.",
  "id": "GHSA-2j26-x5fv-jr5f",
  "modified": "2022-05-17T02:57:56Z",
  "published": "2022-05-17T02:57:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9346"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94783"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

ICSA-16-343-01

Vulnerability from csaf_cisa - Published: 2016-09-11 06:00 - Updated: 2025-06-17 16:50

Summary

Moxa MiiNePort Session Hijack Vulnerabilities

Notes

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation.

Recommended Practices

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Recommended Practices

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

Recommended Practices

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Recommended Practices

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Recommended Practices

CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-16-343-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2016/icsa-16-343-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-16-343-01 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-16-343-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
      }
    ],
    "title": "Moxa MiiNePort Session Hijack Vulnerabilities",
    "tracking": {
      "current_release_date": "2025-06-17T16:50:00.161907Z",
      "generator": {
        "date": "2025-06-17T16:50:00.161879Z",
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-16-343-01",
      "initial_release_date": "2016-09-11T06:00:00.000000Z",
      "revision_history": [
        {
          "date": "2016-09-11T06:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "Initial Publication"
        },
        {
          "date": "2025-06-17T16:50:00.161907Z",
          "legacy_version": "CSAF Conversion",
          "number": "2",
          "summary": "Advisory converted into a CSAF"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c1.8",
                "product": {
                  "name": "Moxa MiiNePort E1: \u003c1.8",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "MiiNePort E1"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c1.4",
                "product": {
                  "name": "Moxa MiiNePort E2: \u003c1.4",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "MiiNePort E2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c1.1",
                "product": {
                  "name": "Moxa MiiNePort E3: \u003c1.1",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "MiiNePort E3"
          }
        ],
        "category": "vendor",
        "name": "Moxa"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-9344",
      "cwe": {
        "id": "CWE-532",
        "name": "Insertion of Sensitive Information into Log File"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Moxa has released new firmware editions, which address the identified vulnerabilities in MiiNePort devices. Moxa recommends installing these new firmware editions: MiiNePort E1 Series, Edition 1.8 (http://www.moxa.com/support/download.aspx?type=support\u0026id=1214)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ],
          "url": "http://www.moxa.com/support/download.aspx?type=support\u0026id=1214"
        },
        {
          "category": "mitigation",
          "details": "Moxa has released new firmware editions, which address the identified vulnerabilities in MiiNePort devices. Moxa recommends installing these new firmware editions: MiiNePort E2 Series, Edition 1.4 (http://www.moxa.com/support/download.aspx?type=support\u0026id=263)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ],
          "url": "http://www.moxa.com/support/download.aspx?type=support\u0026id=263"
        },
        {
          "category": "mitigation",
          "details": "Moxa has released new firmware editions, which address the identified vulnerabilities in MiiNePort devices. Moxa recommends installing these new firmware editions: MiiNePort E3 Series, Edition 1.1 (http://www.moxa.com/support/download.aspx?type=support\u0026id=2058)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ],
          "url": "http://www.moxa.com/support/download.aspx?type=support\u0026id=2058"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2016-9346",
      "cwe": {
        "id": "CWE-312",
        "name": "Cleartext Storage of Sensitive Information"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Moxa has released new firmware editions, which address the identified vulnerabilities in MiiNePort devices. Moxa recommends installing these new firmware editions: MiiNePort E1 Series, Edition 1.8 (http://www.moxa.com/support/download.aspx?type=support\u0026id=1214)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ],
          "url": "http://www.moxa.com/support/download.aspx?type=support\u0026id=1214"
        },
        {
          "category": "mitigation",
          "details": "Moxa has released new firmware editions, which address the identified vulnerabilities in MiiNePort devices. Moxa recommends installing these new firmware editions: MiiNePort E2 Series, Edition 1.4 (http://www.moxa.com/support/download.aspx?type=support\u0026id=263)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ],
          "url": "http://www.moxa.com/support/download.aspx?type=support\u0026id=263"
        },
        {
          "category": "mitigation",
          "details": "Moxa has released new firmware editions, which address the identified vulnerabilities in MiiNePort devices. Moxa recommends installing these new firmware editions: MiiNePort E3 Series, Edition 1.1 (http://www.moxa.com/support/download.aspx?type=support\u0026id=2058)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ],
          "url": "http://www.moxa.com/support/download.aspx?type=support\u0026id=2058"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        }
      ]
    }
  ]
}

CNVD-2016-12353

Vulnerability from cnvd - Published: 2016-12-15

Title

Moxa MiiNePort信息泄露漏洞（CNVD-2016-12353）

Description

Moxa MiiNePort是摩莎（Moxa）公司的一个专为制造商设计的可将串口设备连入网络连接的内嵌式设备联网模块。 Moxa MiiNePort存在信息泄露漏洞，该漏洞源于程序未能加密文件中的配置数据。攻击者可利用该漏洞获取目标系统的访问权限。

Severity

中

Patch Name

Moxa MiiNePort信息泄露漏洞（CNVD-2016-12353）的补丁

Patch Description

Moxa MiiNePort是摩莎（Moxa）公司的一个专为制造商设计的可将串口设备连入网络连接的内嵌式设备联网模块。 Moxa MiiNePort存在信息泄露漏洞，该漏洞源于程序未能加密文件中的配置数据。攻击者可利用该漏洞获取目标系统的访问权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，详情请关注厂商主页： http://www.moxa.com/

Reference

https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01 http://www.securityfocus.com/bid/94783

Impacted products

Name
Moxa MiiNePort

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "94783"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-9346"
    }
  },
  "description": "Moxa MiiNePort\u662f\u6469\u838e\uff08Moxa\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u4e13\u4e3a\u5236\u9020\u5546\u8bbe\u8ba1\u7684\u53ef\u5c06\u4e32\u53e3\u8bbe\u5907\u8fde\u5165\u7f51\u7edc\u8fde\u63a5\u7684\u5185\u5d4c\u5f0f\u8bbe\u5907\u8054\u7f51\u6a21\u5757\u3002\r\n\r\nMoxa MiiNePort\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u52a0\u5bc6\u6587\u4ef6\u4e2d\u7684\u914d\u7f6e\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u76ee\u6807\u7cfb\u7edf\u7684\u8bbf\u95ee\u6743\u9650\u3002",
  "discovererName": "Aditya Sood",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttp://www.moxa.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-12353",
  "openTime": "2016-12-15",
  "patchDescription": "Moxa MiiNePort\u662f\u6469\u838e\uff08Moxa\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u4e13\u4e3a\u5236\u9020\u5546\u8bbe\u8ba1\u7684\u53ef\u5c06\u4e32\u53e3\u8bbe\u5907\u8fde\u5165\u7f51\u7edc\u8fde\u63a5\u7684\u5185\u5d4c\u5f0f\u8bbe\u5907\u8054\u7f51\u6a21\u5757\u3002\r\n\r\nMoxa MiiNePort\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u52a0\u5bc6\u6587\u4ef6\u4e2d\u7684\u914d\u7f6e\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u76ee\u6807\u7cfb\u7edf\u7684\u8bbf\u95ee\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Moxa MiiNePort\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2016-12353\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Moxa MiiNePort"
  },
  "referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01\r\nhttp://www.securityfocus.com/bid/94783",
  "serverity": "\u4e2d",
  "submitTime": "2016-12-12",
  "title": "Moxa MiiNePort\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2016-12353\uff09"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-9346 (GCVE-0-2016-9346)

VAR-201702-0849

GSD-2016-9346

FKIE_CVE-2016-9346

GHSA-2J26-X5FV-JR5F

ICSA-16-343-01

CNVD-2016-12353

Tags

Sightings

Nomenclature