cnvd - cnvd-2016-11881

cnvd-2016-11881

Vulnerability from cnvd

Title: Moxa NPort跨站请求伪造漏洞

Description:

MOXA Nport是一款串口通讯服务器。

Moxa NPort存在跨站请求伪造漏洞。由于未验证用户提交的请求，攻击者利用漏洞可发起跨站请求攻击。

Severity: 高

Patch Name: Moxa NPort跨站请求伪造漏洞的补丁

Patch Description:

MOXA Nport是一款串口通讯服务器。

Moxa NPort存在跨站请求伪造漏洞。由于未验证用户提交的请求，攻击者利用漏洞可发起跨站请求攻击。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了升级版本，请及时下载更新： NPort 5110 Version 2.6: http://www.moxa.com/support/download.aspx?type=support&id=882 (link is external) NPort 5130/5150 Series Version 3.6: http://www.moxa.com/support/download.aspx?type=support&id=356 (link is external) NPort 5200 Series Version 2.8: http://www.moxa.com/support/download.aspx?type=support&id=904 (link is external) NPort 5400 Series Version 3.11: http://www.moxa.com/support/download.aspx?type=support&id=925 (link is external) NPort 5600 Series Version 3.7: http://www.moxa.com/support/download.aspx?type=support&id=905 (link is external) NPort 5100A Series & NPort P5150A Version 1.3: http://www.moxa.com/support/download.aspx?type=support&id=1403 (link is external) NPort 5200A Series Version 1.3: http://www.moxa.com/support/download.aspx?type=support&id=1462 (link is external) NPort 5150AI-M12 Series Version 1.2: http://www.moxa.com/support/download.aspx?type=support&id=2206 (link is external) NPort 5250AI-M12 Series Version 1.2: http://www.moxa.com/support/download.aspx?type=support&id=2207 (link is external) NPort 5450AI-M12 Series Version 1.2: http://www.moxa.com/support/download.aspx?type=support&id=2208 (link is external) NPort 5600-8-DT Series Version 2.4: http://www.moxa.com/support/download.aspx?type=support&id=938 (link is external) NPort 5600-8-DTL Series Version 1.3: http://www.moxa.com/support/download.aspx?type=support&id=1819 (link is external) NPort 6x50 Series Version 1.14: http://www.moxa.com/support/download.aspx?type=support&id=733 (link is external) NPort IA5450A Version 1.4: http://www.moxa.com/support/download.aspx?type=support&id=1469

Reference: https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02

Impacted products

Name
['Moxa NPort 5110 <2.6', 'Moxa NPort 5130/5150 <3.6', 'Moxa NPort 5200 <2.8', 'Moxa NPort 5400 <3.11', 'Moxa NPort 5600 <3.7', 'Moxa NPort P5150A <1.3', 'Moxa NPort 5100A <1.3', 'Moxa NPort 5200A <1.3', 'Moxa NPort 5150AI-M12 <1.2', 'Moxa NPort 5250AI-M12 <1.2', 'Moxa NPort 5450AI-M12 <1.2', 'Moxa NPort 5600-8-DT <2.4', 'Moxa NPort 5600-8-DTL <2.4', 'Moxa NPort 6x50 <1.13.11', 'Moxa NPort IA5450A <1.4']

Name

['Moxa NPort 5110 <2.6', 'Moxa NPort 5130/5150 <3.6', 'Moxa NPort 5200 <2.8', 'Moxa NPort 5400 <3.11', 'Moxa NPort 5600 <3.7', 'Moxa NPort P5150A <1.3', 'Moxa NPort 5100A <1.3', 'Moxa NPort 5200A <1.3', 'Moxa NPort 5150AI-M12 <1.2', 'Moxa NPort 5250AI-M12 <1.2', 'Moxa NPort 5450AI-M12 <1.2', 'Moxa NPort 5600-8-DT <2.4', 'Moxa NPort 5600-8-DTL <2.4', 'Moxa NPort 6x50 <1.13.11', 'Moxa NPort IA5450A <1.4']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-9365"
    }
  },
  "description": "MOXA Nport\u662f\u4e00\u6b3e\u4e32\u53e3\u901a\u8baf\u670d\u52a1\u5668\u3002\r\n\r\nMoxa NPort\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u3002\u7531\u4e8e\u672a\u9a8c\u8bc1\u7528\u6237\u63d0\u4ea4\u7684\u8bf7\u6c42\uff0c\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u53ef\u53d1\u8d77\u8de8\u7ad9\u8bf7\u6c42\u653b\u51fb\u3002",
  "discovererName": "Reid Wightman of Digital Bonds Labs",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u5347\u7ea7\u7248\u672c\uff0c\u8bf7\u53ca\u65f6\u4e0b\u8f7d\u66f4\u65b0\uff1a\r\nNPort 5110 Version 2.6:\r\nhttp://www.moxa.com/support/download.aspx?type=support\u0026id=882 (link is external)\r\nNPort 5130/5150 Series Version 3.6:\r\nhttp://www.moxa.com/support/download.aspx?type=support\u0026id=356 (link is external)\r\nNPort 5200 Series Version 2.8:\r\nhttp://www.moxa.com/support/download.aspx?type=support\u0026id=904 (link is external)\r\nNPort 5400 Series Version 3.11:\r\nhttp://www.moxa.com/support/download.aspx?type=support\u0026id=925 (link is external)\r\nNPort 5600 Series Version 3.7:\r\nhttp://www.moxa.com/support/download.aspx?type=support\u0026id=905 (link is external)\r\nNPort 5100A Series \u0026 NPort P5150A Version 1.3:\r\nhttp://www.moxa.com/support/download.aspx?type=support\u0026id=1403 (link is external)\r\nNPort 5200A Series Version 1.3:\r\nhttp://www.moxa.com/support/download.aspx?type=support\u0026id=1462 (link is external)\r\nNPort 5150AI-M12 Series Version 1.2:\r\nhttp://www.moxa.com/support/download.aspx?type=support\u0026id=2206 (link is external)\r\nNPort 5250AI-M12 Series Version 1.2:\r\nhttp://www.moxa.com/support/download.aspx?type=support\u0026id=2207 (link is external)\r\nNPort 5450AI-M12 Series Version 1.2:\r\nhttp://www.moxa.com/support/download.aspx?type=support\u0026id=2208 (link is external)\r\nNPort 5600-8-DT Series Version 2.4:\r\nhttp://www.moxa.com/support/download.aspx?type=support\u0026id=938 (link is external)\r\nNPort 5600-8-DTL Series Version 1.3:\r\nhttp://www.moxa.com/support/download.aspx?type=support\u0026id=1819 (link is external)\r\nNPort 6x50 Series Version 1.14:\r\nhttp://www.moxa.com/support/download.aspx?type=support\u0026id=733 (link is external)\r\nNPort IA5450A Version 1.4:\r\nhttp://www.moxa.com/support/download.aspx?type=support\u0026id=1469",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-11881",
  "openTime": "2016-12-05",
  "patchDescription": "MOXA Nport\u662f\u4e00\u6b3e\u4e32\u53e3\u901a\u8baf\u670d\u52a1\u5668\u3002\r\n\r\nMoxa NPort\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u3002\u7531\u4e8e\u672a\u9a8c\u8bc1\u7528\u6237\u63d0\u4ea4\u7684\u8bf7\u6c42\uff0c\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u53ef\u53d1\u8d77\u8de8\u7ad9\u8bf7\u6c42\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Moxa NPort\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Moxa NPort 5110 \u003c2.6",
      "Moxa NPort 5130/5150 \u003c3.6",
      "Moxa NPort 5200 \u003c2.8",
      "Moxa NPort 5400 \u003c3.11",
      "Moxa NPort 5600 \u003c3.7",
      "Moxa NPort P5150A \u003c1.3",
      "Moxa NPort 5100A \u003c1.3",
      "Moxa NPort 5200A \u003c1.3",
      "Moxa NPort 5150AI-M12 \u003c1.2",
      "Moxa NPort 5250AI-M12 \u003c1.2",
      "Moxa NPort 5450AI-M12 \u003c1.2",
      "Moxa NPort 5600-8-DT \u003c2.4",
      "Moxa NPort 5600-8-DTL \u003c2.4",
      "Moxa NPort 6x50 \u003c1.13.11",
      "Moxa NPort IA5450A \u003c1.4"
    ]
  },
  "referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02",
  "serverity": "\u9ad8",
  "submitTime": "2016-12-05",
  "title": "Moxa NPort\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e"
}

CVE-2016-9365 (GCVE-0-2016-9365)

Vulnerability from cvelistv5

Published

2017-02-13 21:00

Modified

2024-08-06 02:50

Severity ?

CWE

Moxa NPort Device csrf

Summary

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Requests are not verified to be intentionally submitted by the proper user (CROSS-SITE REQUEST FORGERY).

References

▼	URL	Tags
	https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02	x_refsource_MISC
	http://www.securityfocus.com/bid/85965	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	Moxa NPort	Version: Moxa NPort

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:50:36.954Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02"
          },
          {
            "name": "85965",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/85965"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Moxa NPort",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Moxa NPort"
            }
          ]
        }
      ],
      "datePublic": "2017-02-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series \u0026 NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4.  Requests are not verified to be intentionally submitted by the proper user (CROSS-SITE REQUEST FORGERY)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Moxa NPort Device csrf",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-02-14T13:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02"
        },
        {
          "name": "85965",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/85965"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2016-9365",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Moxa NPort",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Moxa NPort"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series \u0026 NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4.  Requests are not verified to be intentionally submitted by the proper user (CROSS-SITE REQUEST FORGERY)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Moxa NPort Device csrf"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02"
            },
            {
              "name": "85965",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/85965"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2016-9365",
    "datePublished": "2017-02-13T21:00:00",
    "dateReserved": "2016-11-16T00:00:00",
    "dateUpdated": "2024-08-06T02:50:36.954Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted