Vulnerabilites related to moxa - eds-g512e
var-201912-1342
Vulnerability from variot
On Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices (with firmware through 6.0), denial of service can occur via PROFINET DCE-RPC endpoint discovery packets. Moxa EDS-G508E , EDS-G512E , EDS-G516E An unspecified vulnerability exists in these devices.Service operation interruption (DoS) There is a possibility of being put into a state. Moxa EDS-G508E, EDS-G512E, and EDS-G516E Series Ethernet Switches are all Ethernet switches manufactured by Moxa.
Moxa EDS-G508E, EDS-G512E, and EDS-G516E Series Ethernet Switches resource management error vulnerability, which could be used by an attacker to cause the target device to stop service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-1342",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "eds-g508e",
"scope": "lte",
"trust": 1.8,
"vendor": "moxa",
"version": "6.0"
},
{
"model": "eds-g512e",
"scope": "lte",
"trust": 1.8,
"vendor": "moxa",
"version": "6.0"
},
{
"model": "eds-g516e",
"scope": "lte",
"trust": 1.8,
"vendor": "moxa",
"version": "6.0"
},
{
"model": "eds-g508e",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=6.0"
},
{
"model": "eds-g516e",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=6.0"
},
{
"model": "eds-g512e",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=6.0"
},
{
"model": "eds-g508e",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "eds-g512e",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "eds-g516e",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03167"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013131"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-477"
},
{
"db": "NVD",
"id": "CVE-2019-19707"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:moxa:eds-g508e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:eds-g512e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:eds-g516e_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013131"
}
]
},
"cve": "CVE-2019-19707",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-19707",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-03167",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-19707",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-19707",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-19707",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-19707",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-03167",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201912-477",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-19707",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03167"
},
{
"db": "VULMON",
"id": "CVE-2019-19707"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013131"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-477"
},
{
"db": "NVD",
"id": "CVE-2019-19707"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "On Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices (with firmware through 6.0), denial of service can occur via PROFINET DCE-RPC endpoint discovery packets. Moxa EDS-G508E , EDS-G512E , EDS-G516E An unspecified vulnerability exists in these devices.Service operation interruption (DoS) There is a possibility of being put into a state. Moxa EDS-G508E, EDS-G512E, and EDS-G516E Series Ethernet Switches are all Ethernet switches manufactured by Moxa. \n\nMoxa EDS-G508E, EDS-G512E, and EDS-G516E Series Ethernet Switches resource management error vulnerability, which could be used by an attacker to cause the target device to stop service",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19707"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013131"
},
{
"db": "CNVD",
"id": "CNVD-2020-03167"
},
{
"db": "VULMON",
"id": "CVE-2019-19707"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19707",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-19-353-01",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013131",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-03167",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4728",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201912-477",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-19707",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03167"
},
{
"db": "VULMON",
"id": "CVE-2019-19707"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013131"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-477"
},
{
"db": "NVD",
"id": "CVE-2019-19707"
}
]
},
"id": "VAR-201912-1342",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03167"
}
],
"trust": 1.1978196133333334
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03167"
}
]
},
"last_update_date": "2024-11-23T22:33:38.184000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EDS-G508E, EDS-G512E, and EDS-G516E Series Ethernet Switches Vulnerabilities",
"trust": 0.8,
"url": "https://www.moxa.com/en/support/support/security-advisory/eds-g508e-g512e-g516e-series-ethernet-switches-vulnerabilities"
},
{
"title": "Patch for Moxa EDS-G508E, EDS-G512E, and EDS-G516E Series Ethernet Switches Resource Management Error Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/198491"
},
{
"title": "Moxa EDS-G508E , EDS-G512E and EDS-G516E Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105330"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03167"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013131"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-477"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19707"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-353-01"
},
{
"trust": 1.7,
"url": "https://www.moxa.com/en/support/support/security-advisory/eds-g508e-g512e-g516e-series-ethernet-switches-vulnerabilities"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19707"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19707"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4728/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03167"
},
{
"db": "VULMON",
"id": "CVE-2019-19707"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013131"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-477"
},
{
"db": "NVD",
"id": "CVE-2019-19707"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-03167"
},
{
"db": "VULMON",
"id": "CVE-2019-19707"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013131"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-477"
},
{
"db": "NVD",
"id": "CVE-2019-19707"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-03167"
},
{
"date": "2019-12-11T00:00:00",
"db": "VULMON",
"id": "CVE-2019-19707"
},
{
"date": "2019-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013131"
},
{
"date": "2019-12-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-477"
},
{
"date": "2019-12-11T02:15:14.683000",
"db": "NVD",
"id": "CVE-2019-19707"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-03167"
},
{
"date": "2019-12-17T00:00:00",
"db": "VULMON",
"id": "CVE-2019-19707"
},
{
"date": "2019-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013131"
},
{
"date": "2019-12-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-477"
},
{
"date": "2024-11-21T04:35:14.117000",
"db": "NVD",
"id": "CVE-2019-19707"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-477"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Moxa EDS Vulnerabilities in product devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013131"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-477"
}
],
"trust": 0.6
}
}
var-201711-0915
Vulnerability from variot
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. There is XSS in the administration interface. MOXA EDS-G512E The device contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. MoxaEDS-G512E is an Ethernet switch device from Moxa. A cross-site scripting vulnerability exists in the management interface in the MOXAEDS-G512E5.1build 16072215 release. A remote attacker can exploit this vulnerability to inject malicious code
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0915",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "eds-g512e",
"scope": "eq",
"trust": 1.6,
"vendor": "moxa",
"version": "5.1"
},
{
"model": "eds-g512e",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "5.1 build 16072215"
},
{
"model": "eds-g512e build",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "5.116072215"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37433"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010002"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1119"
},
{
"db": "NVD",
"id": "CVE-2017-13700"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:moxa:eds-g512e_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010002"
}
]
},
"cve": "CVE-2017-13700",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2017-13700",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CNVD-2017-37433",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-104349",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.7,
"id": "CVE-2017-13700",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-13700",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-13700",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-37433",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-1119",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-104349",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37433"
},
{
"db": "VULHUB",
"id": "VHN-104349"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010002"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1119"
},
{
"db": "NVD",
"id": "CVE-2017-13700"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. There is XSS in the administration interface. MOXA EDS-G512E The device contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. MoxaEDS-G512E is an Ethernet switch device from Moxa. A cross-site scripting vulnerability exists in the management interface in the MOXAEDS-G512E5.1build 16072215 release. A remote attacker can exploit this vulnerability to inject malicious code",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-13700"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010002"
},
{
"db": "CNVD",
"id": "CNVD-2017-37433"
},
{
"db": "VULHUB",
"id": "VHN-104349"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-13700",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010002",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1119",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-37433",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-104349",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37433"
},
{
"db": "VULHUB",
"id": "VHN-104349"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010002"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1119"
},
{
"db": "NVD",
"id": "CVE-2017-13700"
}
]
},
"id": "VAR-201711-0915",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37433"
},
{
"db": "VULHUB",
"id": "VHN-104349"
}
],
"trust": 1.3129032399999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37433"
}
]
},
"last_update_date": "2024-11-23T22:48:53.143000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EDS-G508E/EDS-G512E/EDS-G516E Series",
"trust": 0.8,
"url": "https://www.moxa.com/product/EDS-G500E.htm"
},
{
"title": "Patch for MOXAEDS-G512E Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/110939"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37433"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010002"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-104349"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010002"
},
{
"db": "NVD",
"id": "CVE-2017-13700"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.sentryo.net/fr/sentryo-analyse-switch-industriel/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13700"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13700"
},
{
"trust": 0.8,
"url": "https://www.sentryo.net/sentryo-analysis-industrial-ethernet-switch/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37433"
},
{
"db": "VULHUB",
"id": "VHN-104349"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010002"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1119"
},
{
"db": "NVD",
"id": "CVE-2017-13700"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-37433"
},
{
"db": "VULHUB",
"id": "VHN-104349"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010002"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1119"
},
{
"db": "NVD",
"id": "CVE-2017-13700"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-37433"
},
{
"date": "2017-11-17T00:00:00",
"db": "VULHUB",
"id": "VHN-104349"
},
{
"date": "2017-11-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010002"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1119"
},
{
"date": "2017-11-17T18:29:00.403000",
"db": "NVD",
"id": "CVE-2017-13700"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-37433"
},
{
"date": "2017-11-29T00:00:00",
"db": "VULHUB",
"id": "VHN-104349"
},
{
"date": "2017-11-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010002"
},
{
"date": "2017-11-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1119"
},
{
"date": "2024-11-21T03:11:27.740000",
"db": "NVD",
"id": "CVE-2017-13700"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1119"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MOXA EDS-G512E Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37433"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1119"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1119"
}
],
"trust": 0.6
}
}
var-201711-0914
Vulnerability from variot
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The password encryption method can be retrieved from the firmware. This encryption method is based on a chall value that is sent in cleartext as a POST parameter. An attacker could reverse the password encryption algorithm to retrieve it. MOXA EDS-G512E The device contains a cryptographic strength vulnerability.Information may be obtained. The MOXAEDS-G512E is a Gigabit Ethernet manageable switch. MOXA EDS-G512E is prone to an information-disclosure vulnerability. Successfully exploiting this issue may allow an attacker to obtain sensitive information that may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0914",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "eds-g512e",
"scope": "eq",
"trust": 1.6,
"vendor": "moxa",
"version": "5.1"
},
{
"model": "eds-g512e build",
"scope": "eq",
"trust": 0.9,
"vendor": "moxa",
"version": "5.116072215"
},
{
"model": "eds-g512e",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "5.1 build 16072215"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37712"
},
{
"db": "BID",
"id": "106047"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010580"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1120"
},
{
"db": "NVD",
"id": "CVE-2017-13699"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:moxa:eds-g512e_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010580"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sentryo Security Labs.",
"sources": [
{
"db": "BID",
"id": "106047"
}
],
"trust": 0.3
},
"cve": "CVE-2017-13699",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-13699",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-37712",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-104347",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-13699",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-13699",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-13699",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-37712",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-1120",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-104347",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37712"
},
{
"db": "VULHUB",
"id": "VHN-104347"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010580"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1120"
},
{
"db": "NVD",
"id": "CVE-2017-13699"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The password encryption method can be retrieved from the firmware. This encryption method is based on a chall value that is sent in cleartext as a POST parameter. An attacker could reverse the password encryption algorithm to retrieve it. MOXA EDS-G512E The device contains a cryptographic strength vulnerability.Information may be obtained. The MOXAEDS-G512E is a Gigabit Ethernet manageable switch. MOXA EDS-G512E is prone to an information-disclosure vulnerability. \nSuccessfully exploiting this issue may allow an attacker to obtain sensitive information that may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-13699"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010580"
},
{
"db": "CNVD",
"id": "CNVD-2017-37712"
},
{
"db": "BID",
"id": "106047"
},
{
"db": "VULHUB",
"id": "VHN-104347"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-13699",
"trust": 3.4
},
{
"db": "BID",
"id": "106047",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010580",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1120",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-37712",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-104347",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37712"
},
{
"db": "VULHUB",
"id": "VHN-104347"
},
{
"db": "BID",
"id": "106047"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010580"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1120"
},
{
"db": "NVD",
"id": "CVE-2017-13699"
}
]
},
"id": "VAR-201711-0914",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37712"
},
{
"db": "VULHUB",
"id": "VHN-104347"
}
],
"trust": 1.3129032399999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37712"
}
]
},
"last_update_date": "2024-11-23T22:12:47.415000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EDS-G508E/EDS-G512E/EDS-G516E Series",
"trust": 0.8,
"url": "https://www.moxa.com/product/EDS-G500E.htm"
},
{
"title": "MOXAEDS-G512E password encryption method vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/111317"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37712"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010580"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-326",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-104347"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010580"
},
{
"db": "NVD",
"id": "CVE-2017-13699"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://www.sentryo.net/wp-content/uploads/2017/11/switch-moxa-analysis.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13699"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/106047"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13699"
},
{
"trust": 0.3,
"url": "http://www.moxastore.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37712"
},
{
"db": "VULHUB",
"id": "VHN-104347"
},
{
"db": "BID",
"id": "106047"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010580"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1120"
},
{
"db": "NVD",
"id": "CVE-2017-13699"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-37712"
},
{
"db": "VULHUB",
"id": "VHN-104347"
},
{
"db": "BID",
"id": "106047"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010580"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1120"
},
{
"db": "NVD",
"id": "CVE-2017-13699"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-37712"
},
{
"date": "2017-11-23T00:00:00",
"db": "VULHUB",
"id": "VHN-104347"
},
{
"date": "2018-11-23T00:00:00",
"db": "BID",
"id": "106047"
},
{
"date": "2017-12-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010580"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1120"
},
{
"date": "2017-11-23T21:29:00.297000",
"db": "NVD",
"id": "CVE-2017-13699"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-37712"
},
{
"date": "2018-11-30T00:00:00",
"db": "VULHUB",
"id": "VHN-104347"
},
{
"date": "2018-11-23T00:00:00",
"db": "BID",
"id": "106047"
},
{
"date": "2017-12-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010580"
},
{
"date": "2017-11-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1120"
},
{
"date": "2024-11-21T03:11:27.580000",
"db": "NVD",
"id": "CVE-2017-13699"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1120"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MOXA EDS-G512E Vulnerability related to cryptographic strength in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010580"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1120"
}
],
"trust": 0.6
}
}
var-201711-0917
Vulnerability from variot
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. Cookies can be stolen, manipulated, and reused. MOXA EDS-G512E The device contains an information disclosure vulnerability.Information may be obtained. MoxaEDS-G512E is an Ethernet switch device from Moxa. A security vulnerability exists in the MOXAEDS-G512E5.1build 16072215 release. An attacker could exploit the vulnerability to steal, manipulate, and reuse cookies
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0917",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "eds-g512e",
"scope": "eq",
"trust": 1.6,
"vendor": "moxa",
"version": "5.1"
},
{
"model": "eds-g512e",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "5.1 build 16072215"
},
{
"model": "eds-g512e build",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "5.116072215"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37434"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010003"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1117"
},
{
"db": "NVD",
"id": "CVE-2017-13702"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:moxa:eds-g512e_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010003"
}
]
},
"cve": "CVE-2017-13702",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-13702",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-37434",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-104351",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2017-13702",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-13702",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-13702",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-37434",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-1117",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-104351",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37434"
},
{
"db": "VULHUB",
"id": "VHN-104351"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010003"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1117"
},
{
"db": "NVD",
"id": "CVE-2017-13702"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. Cookies can be stolen, manipulated, and reused. MOXA EDS-G512E The device contains an information disclosure vulnerability.Information may be obtained. MoxaEDS-G512E is an Ethernet switch device from Moxa. A security vulnerability exists in the MOXAEDS-G512E5.1build 16072215 release. An attacker could exploit the vulnerability to steal, manipulate, and reuse cookies",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-13702"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010003"
},
{
"db": "CNVD",
"id": "CNVD-2017-37434"
},
{
"db": "VULHUB",
"id": "VHN-104351"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-13702",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010003",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-37434",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1117",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-104351",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37434"
},
{
"db": "VULHUB",
"id": "VHN-104351"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010003"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1117"
},
{
"db": "NVD",
"id": "CVE-2017-13702"
}
]
},
"id": "VAR-201711-0917",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37434"
},
{
"db": "VULHUB",
"id": "VHN-104351"
}
],
"trust": 1.3129032399999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37434"
}
]
},
"last_update_date": "2024-11-23T22:26:35.540000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EDS-G508E/EDS-G512E/EDS-G516E Series",
"trust": 0.8,
"url": "https://www.moxa.com/product/EDS-G500E.htm"
},
{
"title": "Patch for MOXAEDS-G512E Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/110937"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37434"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010003"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-104351"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010003"
},
{
"db": "NVD",
"id": "CVE-2017-13702"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.sentryo.net/fr/sentryo-analyse-switch-industriel/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13702"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13702"
},
{
"trust": 0.8,
"url": "https://www.sentryo.net/sentryo-analysis-industrial-ethernet-switch/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37434"
},
{
"db": "VULHUB",
"id": "VHN-104351"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010003"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1117"
},
{
"db": "NVD",
"id": "CVE-2017-13702"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-37434"
},
{
"db": "VULHUB",
"id": "VHN-104351"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010003"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1117"
},
{
"db": "NVD",
"id": "CVE-2017-13702"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-37434"
},
{
"date": "2017-11-17T00:00:00",
"db": "VULHUB",
"id": "VHN-104351"
},
{
"date": "2017-11-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010003"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1117"
},
{
"date": "2017-11-17T18:29:00.437000",
"db": "NVD",
"id": "CVE-2017-13702"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-37434"
},
{
"date": "2017-11-29T00:00:00",
"db": "VULHUB",
"id": "VHN-104351"
},
{
"date": "2017-11-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010003"
},
{
"date": "2017-11-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1117"
},
{
"date": "2024-11-21T03:11:28.067000",
"db": "NVD",
"id": "CVE-2017-13702"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1117"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MOXA EDS-G512E Information disclosure vulnerability in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010003"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1117"
}
],
"trust": 0.6
}
}
var-201711-0918
Vulnerability from variot
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. A denial of service may occur. MOXA EDS-G512E The device contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. MoxaEDS-G512E is an Ethernet switch device from Moxa. A security vulnerability exists in the MOXAEDS-G512E5.1build 16072215 release
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0918",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "eds-g512e",
"scope": "eq",
"trust": 1.6,
"vendor": "moxa",
"version": "5.1"
},
{
"model": "eds-g512e",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "5.1 build 16072215"
},
{
"model": "eds-g512e build",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "5.116072215"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37435"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010004"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1116"
},
{
"db": "NVD",
"id": "CVE-2017-13703"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:moxa:eds-g512e_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010004"
}
]
},
"cve": "CVE-2017-13703",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-13703",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-37435",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-104352",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-13703",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-13703",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-13703",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-37435",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-1116",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-104352",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37435"
},
{
"db": "VULHUB",
"id": "VHN-104352"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010004"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1116"
},
{
"db": "NVD",
"id": "CVE-2017-13703"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. A denial of service may occur. MOXA EDS-G512E The device contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. MoxaEDS-G512E is an Ethernet switch device from Moxa. A security vulnerability exists in the MOXAEDS-G512E5.1build 16072215 release",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-13703"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010004"
},
{
"db": "CNVD",
"id": "CNVD-2017-37435"
},
{
"db": "VULHUB",
"id": "VHN-104352"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-13703",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010004",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1116",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-37435",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-104352",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37435"
},
{
"db": "VULHUB",
"id": "VHN-104352"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010004"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1116"
},
{
"db": "NVD",
"id": "CVE-2017-13703"
}
]
},
"id": "VAR-201711-0918",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37435"
},
{
"db": "VULHUB",
"id": "VHN-104352"
}
],
"trust": 1.3129032399999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37435"
}
]
},
"last_update_date": "2024-11-23T22:00:48.932000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EDS-G508E/EDS-G512E/EDS-G516E Series",
"trust": 0.8,
"url": "https://www.moxa.com/product/EDS-G500E.htm"
},
{
"title": "MOXAEDS-G512E patch for denial of service vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/110941"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37435"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010004"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-104352"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010004"
},
{
"db": "NVD",
"id": "CVE-2017-13703"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.sentryo.net/fr/sentryo-analyse-switch-industriel/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13703"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13703"
},
{
"trust": 0.8,
"url": "https://www.sentryo.net/sentryo-analysis-industrial-ethernet-switch/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37435"
},
{
"db": "VULHUB",
"id": "VHN-104352"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010004"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1116"
},
{
"db": "NVD",
"id": "CVE-2017-13703"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-37435"
},
{
"db": "VULHUB",
"id": "VHN-104352"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010004"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1116"
},
{
"db": "NVD",
"id": "CVE-2017-13703"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-37435"
},
{
"date": "2017-11-17T00:00:00",
"db": "VULHUB",
"id": "VHN-104352"
},
{
"date": "2017-11-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010004"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1116"
},
{
"date": "2017-11-17T18:29:00.497000",
"db": "NVD",
"id": "CVE-2017-13703"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-37435"
},
{
"date": "2017-11-29T00:00:00",
"db": "VULHUB",
"id": "VHN-104352"
},
{
"date": "2017-11-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010004"
},
{
"date": "2017-11-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1116"
},
{
"date": "2024-11-21T03:11:28.220000",
"db": "NVD",
"id": "CVE-2017-13703"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1116"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MOXA EDS-G512E Vulnerability related to input validation on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010004"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1116"
}
],
"trust": 0.6
}
}
var-201711-0916
Vulnerability from variot
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The backup file contains sensitive information in a insecure way. There is no salt for password hashing. Indeed passwords are stored without being ciphered with a timestamped ciphering method. MOXA EDS-G512E The device contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The MOXAEDS-G512E is a Gigabit Ethernet manageable switch. MOXAEDS-G512E5.1build16072215 has an information disclosure vulnerability. An attacker could exploit this vulnerability to obtain sensitive information. MOXA EDS-G512E is prone to an information-disclosure vulnerability. The vulnerability is caused by the fact that the stored password is not encrypted with timestamp encryption
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0916",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "eds-g512e",
"scope": "eq",
"trust": 1.6,
"vendor": "moxa",
"version": "5.1"
},
{
"model": "eds-g512e build",
"scope": "eq",
"trust": 0.9,
"vendor": "moxa",
"version": "5.116072215"
},
{
"model": "eds-g512e",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "5.1 build 16072215"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37713"
},
{
"db": "BID",
"id": "101966"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010581"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1118"
},
{
"db": "NVD",
"id": "CVE-2017-13701"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:moxa:eds-g512e_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010581"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sentryo Security Labs.",
"sources": [
{
"db": "BID",
"id": "101966"
}
],
"trust": 0.3
},
"cve": "CVE-2017-13701",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-13701",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-37713",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-104350",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-13701",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-13701",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-13701",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-37713",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-1118",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-104350",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37713"
},
{
"db": "VULHUB",
"id": "VHN-104350"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010581"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1118"
},
{
"db": "NVD",
"id": "CVE-2017-13701"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The backup file contains sensitive information in a insecure way. There is no salt for password hashing. Indeed passwords are stored without being ciphered with a timestamped ciphering method. MOXA EDS-G512E The device contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The MOXAEDS-G512E is a Gigabit Ethernet manageable switch. MOXAEDS-G512E5.1build16072215 has an information disclosure vulnerability. An attacker could exploit this vulnerability to obtain sensitive information. MOXA EDS-G512E is prone to an information-disclosure vulnerability. The vulnerability is caused by the fact that the stored password is not encrypted with timestamp encryption",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-13701"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010581"
},
{
"db": "CNVD",
"id": "CNVD-2017-37713"
},
{
"db": "BID",
"id": "101966"
},
{
"db": "VULHUB",
"id": "VHN-104350"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-13701",
"trust": 3.4
},
{
"db": "BID",
"id": "101966",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010581",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-37713",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1118",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-104350",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37713"
},
{
"db": "VULHUB",
"id": "VHN-104350"
},
{
"db": "BID",
"id": "101966"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010581"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1118"
},
{
"db": "NVD",
"id": "CVE-2017-13701"
}
]
},
"id": "VAR-201711-0916",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37713"
},
{
"db": "VULHUB",
"id": "VHN-104350"
}
],
"trust": 1.3129032399999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37713"
}
]
},
"last_update_date": "2024-11-23T21:40:09.624000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EDS-G508E/EDS-G512E/EDS-G516E Series",
"trust": 0.8,
"url": "https://www.moxa.com/product/EDS-G500E.htm"
},
{
"title": "Patch for MOXAEDS-G512E Information Disclosure Vulnerability (CNVD-2017-37713)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/111315"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37713"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010581"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-104350"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010581"
},
{
"db": "NVD",
"id": "CVE-2017-13701"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://www.sentryo.net/wp-content/uploads/2017/11/switch-moxa-analysis.pdf"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/101966"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13701"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13701"
},
{
"trust": 0.3,
"url": "http://www.moxastore.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37713"
},
{
"db": "VULHUB",
"id": "VHN-104350"
},
{
"db": "BID",
"id": "101966"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010581"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1118"
},
{
"db": "NVD",
"id": "CVE-2017-13701"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-37713"
},
{
"db": "VULHUB",
"id": "VHN-104350"
},
{
"db": "BID",
"id": "101966"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010581"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1118"
},
{
"db": "NVD",
"id": "CVE-2017-13701"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-37713"
},
{
"date": "2017-11-23T00:00:00",
"db": "VULHUB",
"id": "VHN-104350"
},
{
"date": "2017-11-23T00:00:00",
"db": "BID",
"id": "101966"
},
{
"date": "2017-12-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010581"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1118"
},
{
"date": "2017-11-23T21:29:00.343000",
"db": "NVD",
"id": "CVE-2017-13701"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-37713"
},
{
"date": "2017-12-08T00:00:00",
"db": "VULHUB",
"id": "VHN-104350"
},
{
"date": "2017-12-19T22:37:00",
"db": "BID",
"id": "101966"
},
{
"date": "2017-12-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010581"
},
{
"date": "2017-11-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1118"
},
{
"date": "2024-11-21T03:11:27.897000",
"db": "NVD",
"id": "CVE-2017-13701"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1118"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MOXA EDS-G512E Information disclosure vulnerability in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010581"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1118"
}
],
"trust": 0.6
}
}
var-201711-0913
Vulnerability from variot
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. An attacker could extract public and private keys from the firmware image available on the MOXA website and could use them against a production switch that has the default keys embedded. MOXA EDS-G512E The device contains a vulnerability related to key management errors.Information may be obtained. The MOXAEDS-G512E is a Gigabit Ethernet manageable switch. MOXAEDS-G512E5.1build16072215 has a public and private key extraction vulnerability. MOXA EDS-G512E Industrial Switch is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0913",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "eds-g512e",
"scope": "eq",
"trust": 1.6,
"vendor": "moxa",
"version": "5.1"
},
{
"model": "eds-g512e build",
"scope": "eq",
"trust": 0.9,
"vendor": "moxa",
"version": "5.116072215"
},
{
"model": "eds-g512e",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "5.1 build 16072215"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37711"
},
{
"db": "BID",
"id": "105981"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010579"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1121"
},
{
"db": "NVD",
"id": "CVE-2017-13698"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:moxa:eds-g512e_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010579"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "105981"
}
],
"trust": 0.3
},
"cve": "CVE-2017-13698",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-13698",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-37711",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-104346",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-13698",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-13698",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-13698",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-37711",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-1121",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-104346",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37711"
},
{
"db": "VULHUB",
"id": "VHN-104346"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010579"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1121"
},
{
"db": "NVD",
"id": "CVE-2017-13698"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. An attacker could extract public and private keys from the firmware image available on the MOXA website and could use them against a production switch that has the default keys embedded. MOXA EDS-G512E The device contains a vulnerability related to key management errors.Information may be obtained. The MOXAEDS-G512E is a Gigabit Ethernet manageable switch. MOXAEDS-G512E5.1build16072215 has a public and private key extraction vulnerability. MOXA EDS-G512E Industrial Switch is prone to an information-disclosure vulnerability. \nAttackers can exploit this issue to obtain sensitive information that may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-13698"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010579"
},
{
"db": "CNVD",
"id": "CNVD-2017-37711"
},
{
"db": "BID",
"id": "105981"
},
{
"db": "VULHUB",
"id": "VHN-104346"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-13698",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010579",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1121",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-37711",
"trust": 0.6
},
{
"db": "BID",
"id": "105981",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-104346",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37711"
},
{
"db": "VULHUB",
"id": "VHN-104346"
},
{
"db": "BID",
"id": "105981"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010579"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1121"
},
{
"db": "NVD",
"id": "CVE-2017-13698"
}
]
},
"id": "VAR-201711-0913",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37711"
},
{
"db": "VULHUB",
"id": "VHN-104346"
}
],
"trust": 1.3129032399999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37711"
}
]
},
"last_update_date": "2024-11-23T23:05:17.093000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EDS-G508E/EDS-G512E/EDS-G516E Series",
"trust": 0.8,
"url": "https://www.moxa.com/product/EDS-G500E.htm"
},
{
"title": "Patch for MOXAEDS-G512E public and private key extraction vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/111319"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37711"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010579"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-320",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-104346"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010579"
},
{
"db": "NVD",
"id": "CVE-2017-13698"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://www.sentryo.net/wp-content/uploads/2017/11/switch-moxa-analysis.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13698"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13698"
},
{
"trust": 0.3,
"url": "http://www.moxastore.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37711"
},
{
"db": "VULHUB",
"id": "VHN-104346"
},
{
"db": "BID",
"id": "105981"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010579"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1121"
},
{
"db": "NVD",
"id": "CVE-2017-13698"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-37711"
},
{
"db": "VULHUB",
"id": "VHN-104346"
},
{
"db": "BID",
"id": "105981"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010579"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1121"
},
{
"db": "NVD",
"id": "CVE-2017-13698"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-37711"
},
{
"date": "2017-11-23T00:00:00",
"db": "VULHUB",
"id": "VHN-104346"
},
{
"date": "2017-11-23T00:00:00",
"db": "BID",
"id": "105981"
},
{
"date": "2017-12-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010579"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1121"
},
{
"date": "2017-11-23T21:29:00.250000",
"db": "NVD",
"id": "CVE-2017-13698"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-37711"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-104346"
},
{
"date": "2017-11-23T00:00:00",
"db": "BID",
"id": "105981"
},
{
"date": "2017-12-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010579"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1121"
},
{
"date": "2024-11-21T03:11:27.427000",
"db": "NVD",
"id": "CVE-2017-13698"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1121"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MOXA EDS-G512E Device key management error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010579"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1121"
}
],
"trust": 0.6
}
}
cve-2017-13700
Vulnerability from cvelistv5
Published
2017-11-17 18:00
Modified
2024-08-05 19:05
Severity ?
EPSS score ?
Summary
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. There is XSS in the administration interface.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.sentryo.net/fr/sentryo-analyse-switch-industriel/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:05:19.874Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sentryo.net/fr/sentryo-analyse-switch-industriel/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. There is XSS in the administration interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-17T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sentryo.net/fr/sentryo-analyse-switch-industriel/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13700",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. There is XSS in the administration interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sentryo.net/fr/sentryo-analyse-switch-industriel/",
"refsource": "MISC",
"url": "https://www.sentryo.net/fr/sentryo-analyse-switch-industriel/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-13700",
"datePublished": "2017-11-17T18:00:00",
"dateReserved": "2017-08-25T00:00:00",
"dateUpdated": "2024-08-05T19:05:19.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-19707
Vulnerability from cvelistv5
Published
2019-12-11 01:03
Modified
2024-08-05 02:25
Severity ?
EPSS score ?
Summary
On Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices (with firmware through 6.0), denial of service can occur via PROFINET DCE-RPC endpoint discovery packets.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:25:12.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.moxa.com/en/support/support/security-advisory/eds-g508e-g512e-g516e-series-ethernet-switches-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "On Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices (with firmware through 6.0), denial of service can occur via PROFINET DCE-RPC endpoint discovery packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-11T01:03:51",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.moxa.com/en/support/support/security-advisory/eds-g508e-g512e-g516e-series-ethernet-switches-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices (with firmware through 6.0), denial of service can occur via PROFINET DCE-RPC endpoint discovery packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.moxa.com/en/support/support/security-advisory/eds-g508e-g512e-g516e-series-ethernet-switches-vulnerabilities",
"refsource": "MISC",
"url": "https://www.moxa.com/en/support/support/security-advisory/eds-g508e-g512e-g516e-series-ethernet-switches-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19707",
"datePublished": "2019-12-11T01:03:51",
"dateReserved": "2019-12-11T00:00:00",
"dateUpdated": "2024-08-05T02:25:12.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-13702
Vulnerability from cvelistv5
Published
2017-11-17 18:00
Modified
2024-08-05 19:05
Severity ?
EPSS score ?
Summary
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. Cookies can be stolen, manipulated, and reused.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.sentryo.net/fr/sentryo-analyse-switch-industriel/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:05:20.022Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sentryo.net/fr/sentryo-analyse-switch-industriel/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. Cookies can be stolen, manipulated, and reused."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-17T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sentryo.net/fr/sentryo-analyse-switch-industriel/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. Cookies can be stolen, manipulated, and reused."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sentryo.net/fr/sentryo-analyse-switch-industriel/",
"refsource": "MISC",
"url": "https://www.sentryo.net/fr/sentryo-analyse-switch-industriel/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-13702",
"datePublished": "2017-11-17T18:00:00",
"dateReserved": "2017-08-25T00:00:00",
"dateUpdated": "2024-08-05T19:05:20.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-13698
Vulnerability from cvelistv5
Published
2017-11-23 21:00
Modified
2024-08-05 19:05
Severity ?
EPSS score ?
Summary
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. An attacker could extract public and private keys from the firmware image available on the MOXA website and could use them against a production switch that has the default keys embedded.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.sentryo.net/wp-content/uploads/2017/11/Switch-Moxa-Analysis.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:05:19.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sentryo.net/wp-content/uploads/2017/11/Switch-Moxa-Analysis.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. An attacker could extract public and private keys from the firmware image available on the MOXA website and could use them against a production switch that has the default keys embedded."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-23T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sentryo.net/wp-content/uploads/2017/11/Switch-Moxa-Analysis.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. An attacker could extract public and private keys from the firmware image available on the MOXA website and could use them against a production switch that has the default keys embedded."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sentryo.net/wp-content/uploads/2017/11/Switch-Moxa-Analysis.pdf",
"refsource": "MISC",
"url": "https://www.sentryo.net/wp-content/uploads/2017/11/Switch-Moxa-Analysis.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-13698",
"datePublished": "2017-11-23T21:00:00",
"dateReserved": "2017-08-25T00:00:00",
"dateUpdated": "2024-08-05T19:05:19.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-13699
Vulnerability from cvelistv5
Published
2017-11-23 21:00
Modified
2024-08-05 19:05
Severity ?
EPSS score ?
Summary
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The password encryption method can be retrieved from the firmware. This encryption method is based on a chall value that is sent in cleartext as a POST parameter. An attacker could reverse the password encryption algorithm to retrieve it.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.sentryo.net/wp-content/uploads/2017/11/Switch-Moxa-Analysis.pdf | x_refsource_MISC | |
| http://www.securityfocus.com/bid/106047 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:05:20.012Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sentryo.net/wp-content/uploads/2017/11/Switch-Moxa-Analysis.pdf"
},
{
"name": "106047",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106047"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The password encryption method can be retrieved from the firmware. This encryption method is based on a chall value that is sent in cleartext as a POST parameter. An attacker could reverse the password encryption algorithm to retrieve it."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-30T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sentryo.net/wp-content/uploads/2017/11/Switch-Moxa-Analysis.pdf"
},
{
"name": "106047",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106047"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13699",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The password encryption method can be retrieved from the firmware. This encryption method is based on a chall value that is sent in cleartext as a POST parameter. An attacker could reverse the password encryption algorithm to retrieve it."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sentryo.net/wp-content/uploads/2017/11/Switch-Moxa-Analysis.pdf",
"refsource": "MISC",
"url": "https://www.sentryo.net/wp-content/uploads/2017/11/Switch-Moxa-Analysis.pdf"
},
{
"name": "106047",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106047"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-13699",
"datePublished": "2017-11-23T21:00:00",
"dateReserved": "2017-08-25T00:00:00",
"dateUpdated": "2024-08-05T19:05:20.012Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-13703
Vulnerability from cvelistv5
Published
2017-11-17 18:00
Modified
2024-08-05 19:05
Severity ?
EPSS score ?
Summary
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. A denial of service may occur.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.sentryo.net/fr/sentryo-analyse-switch-industriel/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:05:19.908Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sentryo.net/fr/sentryo-analyse-switch-industriel/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. A denial of service may occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-17T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sentryo.net/fr/sentryo-analyse-switch-industriel/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13703",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. A denial of service may occur."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sentryo.net/fr/sentryo-analyse-switch-industriel/",
"refsource": "MISC",
"url": "https://www.sentryo.net/fr/sentryo-analyse-switch-industriel/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-13703",
"datePublished": "2017-11-17T18:00:00",
"dateReserved": "2017-08-25T00:00:00",
"dateUpdated": "2024-08-05T19:05:19.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-13701
Vulnerability from cvelistv5
Published
2017-11-23 21:00
Modified
2024-08-05 19:05
Severity ?
EPSS score ?
Summary
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The backup file contains sensitive information in a insecure way. There is no salt for password hashing. Indeed passwords are stored without being ciphered with a timestamped ciphering method.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.sentryo.net/wp-content/uploads/2017/11/Switch-Moxa-Analysis.pdf | x_refsource_MISC | |
| http://www.securityfocus.com/bid/101966 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:05:20.043Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sentryo.net/wp-content/uploads/2017/11/Switch-Moxa-Analysis.pdf"
},
{
"name": "101966",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101966"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The backup file contains sensitive information in a insecure way. There is no salt for password hashing. Indeed passwords are stored without being ciphered with a timestamped ciphering method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-28T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sentryo.net/wp-content/uploads/2017/11/Switch-Moxa-Analysis.pdf"
},
{
"name": "101966",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101966"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13701",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The backup file contains sensitive information in a insecure way. There is no salt for password hashing. Indeed passwords are stored without being ciphered with a timestamped ciphering method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sentryo.net/wp-content/uploads/2017/11/Switch-Moxa-Analysis.pdf",
"refsource": "MISC",
"url": "https://www.sentryo.net/wp-content/uploads/2017/11/Switch-Moxa-Analysis.pdf"
},
{
"name": "101966",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101966"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-13701",
"datePublished": "2017-11-23T21:00:00",
"dateReserved": "2017-08-25T00:00:00",
"dateUpdated": "2024-08-05T19:05:20.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2017-11-23 21:29
Modified
2024-11-21 03:11
Severity ?
Summary
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. An attacker could extract public and private keys from the firmware image available on the MOXA website and could use them against a production switch that has the default keys embedded.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.sentryo.net/wp-content/uploads/2017/11/Switch-Moxa-Analysis.pdf | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.sentryo.net/wp-content/uploads/2017/11/Switch-Moxa-Analysis.pdf | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| moxa | eds-g512e_firmware | 5.1 | |
| moxa | eds-g512e | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:moxa:eds-g512e_firmware:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "80F267F1-E99B-4FF2-8CE6-43DB70F66DAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:moxa:eds-g512e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B89398E6-21CC-49D9-AD9B-343AD58A69FC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. An attacker could extract public and private keys from the firmware image available on the MOXA website and could use them against a production switch that has the default keys embedded."
},
{
"lang": "es",
"value": "Se ha descubierto un error en la build 16072215 de los dispositivos MOXA EDS-G512E 5.1. Un atacante podr\u00eda extraer las claves p\u00fablicas y privadas de la imagen de firmware disponible en el sitio web de MOXA y emplearlas contra un switch de producci\u00f3n que tiene embebidas las claves por defecto."
}
],
"id": "CVE-2017-13698",
"lastModified": "2024-11-21T03:11:27.427",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-23T21:29:00.250",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.sentryo.net/wp-content/uploads/2017/11/Switch-Moxa-Analysis.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.sentryo.net/wp-content/uploads/2017/11/Switch-Moxa-Analysis.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-17 18:29
Modified
2024-11-21 03:11
Severity ?
Summary
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. Cookies can be stolen, manipulated, and reused.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.sentryo.net/fr/sentryo-analyse-switch-industriel/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.sentryo.net/fr/sentryo-analyse-switch-industriel/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| moxa | eds-g512e_firmware | 5.1 | |
| moxa | eds-g512e | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:moxa:eds-g512e_firmware:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "80F267F1-E99B-4FF2-8CE6-43DB70F66DAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:moxa:eds-g512e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B89398E6-21CC-49D9-AD9B-343AD58A69FC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. Cookies can be stolen, manipulated, and reused."
},
{
"lang": "es",
"value": "Se ha descubierto un error en la build 16072215 de los dispositivos MOXA EDS-G512E 5.1. Las cookies se pueden robar, manipular y reutilizar."
}
],
"id": "CVE-2017-13702",
"lastModified": "2024-11-21T03:11:28.067",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-17T18:29:00.437",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.sentryo.net/fr/sentryo-analyse-switch-industriel/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.sentryo.net/fr/sentryo-analyse-switch-industriel/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-23 21:29
Modified
2024-11-21 03:11
Severity ?
Summary
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The backup file contains sensitive information in a insecure way. There is no salt for password hashing. Indeed passwords are stored without being ciphered with a timestamped ciphering method.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/101966 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.sentryo.net/wp-content/uploads/2017/11/Switch-Moxa-Analysis.pdf | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101966 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.sentryo.net/wp-content/uploads/2017/11/Switch-Moxa-Analysis.pdf | Mitigation, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| moxa | eds-g512e_firmware | 5.1 | |
| moxa | eds-g512e | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:moxa:eds-g512e_firmware:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "80F267F1-E99B-4FF2-8CE6-43DB70F66DAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:moxa:eds-g512e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B89398E6-21CC-49D9-AD9B-343AD58A69FC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The backup file contains sensitive information in a insecure way. There is no salt for password hashing. Indeed passwords are stored without being ciphered with a timestamped ciphering method."
},
{
"lang": "es",
"value": "Se ha descubierto un error en la build 16072215 de los dispositivos MOXA EDS-G512E 5.1. El archivo de copia de seguridad contiene informaci\u00f3n sensible de forma no segura. No hay una sal para el hasheo de contrase\u00f1as. Las contrase\u00f1as se almacenan sin ser cifradas con un m\u00e9todo de cifrado con marca de tiempo."
}
],
"id": "CVE-2017-13701",
"lastModified": "2024-11-21T03:11:27.897",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-23T21:29:00.343",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101966"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://www.sentryo.net/wp-content/uploads/2017/11/Switch-Moxa-Analysis.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101966"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://www.sentryo.net/wp-content/uploads/2017/11/Switch-Moxa-Analysis.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-17 18:29
Modified
2024-11-21 03:11
Severity ?
Summary
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. A denial of service may occur.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.sentryo.net/fr/sentryo-analyse-switch-industriel/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.sentryo.net/fr/sentryo-analyse-switch-industriel/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| moxa | eds-g512e_firmware | 5.1 | |
| moxa | eds-g512e | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:moxa:eds-g512e_firmware:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "80F267F1-E99B-4FF2-8CE6-43DB70F66DAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:moxa:eds-g512e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B89398E6-21CC-49D9-AD9B-343AD58A69FC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. A denial of service may occur."
},
{
"lang": "es",
"value": "Se ha descubierto un error en la build 16072215 de los dispositivos MOXA EDS-G512E 5.1. Puede ocurrir una denegaci\u00f3n de servicio."
}
],
"id": "CVE-2017-13703",
"lastModified": "2024-11-21T03:11:28.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-17T18:29:00.497",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.sentryo.net/fr/sentryo-analyse-switch-industriel/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.sentryo.net/fr/sentryo-analyse-switch-industriel/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-17 18:29
Modified
2024-11-21 03:11
Severity ?
Summary
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. There is XSS in the administration interface.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.sentryo.net/fr/sentryo-analyse-switch-industriel/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.sentryo.net/fr/sentryo-analyse-switch-industriel/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| moxa | eds-g512e_firmware | 5.1 | |
| moxa | eds-g512e | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:moxa:eds-g512e_firmware:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "80F267F1-E99B-4FF2-8CE6-43DB70F66DAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:moxa:eds-g512e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B89398E6-21CC-49D9-AD9B-343AD58A69FC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. There is XSS in the administration interface."
},
{
"lang": "es",
"value": "Se ha descubierto un error en la build 16072215 de los dispositivos MOXA EDS-G512E 5.1. Existe XSS en la interfaz de administraci\u00f3n."
}
],
"id": "CVE-2017-13700",
"lastModified": "2024-11-21T03:11:27.740",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-17T18:29:00.403",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.sentryo.net/fr/sentryo-analyse-switch-industriel/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.sentryo.net/fr/sentryo-analyse-switch-industriel/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-12-11 02:15
Modified
2024-11-21 04:35
Severity ?
Summary
On Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices (with firmware through 6.0), denial of service can occur via PROFINET DCE-RPC endpoint discovery packets.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| moxa | eds-g508e_firmware | * | |
| moxa | eds-g508e | - | |
| moxa | eds-g512e_firmware | * | |
| moxa | eds-g512e | - | |
| moxa | eds-g516e_firmware | * | |
| moxa | eds-g516e | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:moxa:eds-g508e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2CFA3A1-8D81-44A2-B85A-660DA26DC748",
"versionEndIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:moxa:eds-g508e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "902E4454-8B97-4DC1-8D3F-16516DA259E3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:moxa:eds-g512e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7020A945-30CB-41F9-959F-E91BE1F2F00B",
"versionEndIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:moxa:eds-g512e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B89398E6-21CC-49D9-AD9B-343AD58A69FC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:moxa:eds-g516e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F05DFB71-9217-4E5E-BD7C-B7B4AF419809",
"versionEndIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:moxa:eds-g516e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3FD8F739-ED5B-46A6-A120-1FC17064EB78",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "On Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices (with firmware through 6.0), denial of service can occur via PROFINET DCE-RPC endpoint discovery packets."
},
{
"lang": "es",
"value": "En los dispositivos Moxa EDS-G508E, EDS-G512E y EDS-G516E (con versi\u00f3n de firmware hasta 6.0), una denegaci\u00f3n de servicio puede presentarse por medio de paquetes de descubrimiento de endpoint DCE-RPC de PROFINET ."
}
],
"id": "CVE-2019-19707",
"lastModified": "2024-11-21T04:35:14.117",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-11T02:15:14.683",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.moxa.com/en/support/support/security-advisory/eds-g508e-g512e-g516e-series-ethernet-switches-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.moxa.com/en/support/support/security-advisory/eds-g508e-g512e-g516e-series-ethernet-switches-vulnerabilities"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-23 21:29
Modified
2024-11-21 03:11
Severity ?
Summary
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The password encryption method can be retrieved from the firmware. This encryption method is based on a chall value that is sent in cleartext as a POST parameter. An attacker could reverse the password encryption algorithm to retrieve it.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| moxa | eds-g512e_firmware | 5.1 | |
| moxa | eds-g512e | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:moxa:eds-g512e_firmware:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "80F267F1-E99B-4FF2-8CE6-43DB70F66DAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:moxa:eds-g512e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B89398E6-21CC-49D9-AD9B-343AD58A69FC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The password encryption method can be retrieved from the firmware. This encryption method is based on a chall value that is sent in cleartext as a POST parameter. An attacker could reverse the password encryption algorithm to retrieve it."
},
{
"lang": "es",
"value": "Se ha descubierto un error en la build 16072215 de los dispositivos MOXA EDS-G512E 5.1. El m\u00e9todo de codificaci\u00f3n de contrase\u00f1as puede ser recuperado desde el firmware. El m\u00e9todo de codificaci\u00f3n se basa en un valor chall que se env\u00eda en texto claro como par\u00e1metro POST. Un atacante podr\u00eda invertir el algoritmo de codificaci\u00f3n de contrase\u00f1a para recuperarlo."
}
],
"id": "CVE-2017-13699",
"lastModified": "2024-11-21T03:11:27.580",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-23T21:29:00.297",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/106047"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://www.sentryo.net/wp-content/uploads/2017/11/Switch-Moxa-Analysis.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/106047"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://www.sentryo.net/wp-content/uploads/2017/11/Switch-Moxa-Analysis.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-326"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}