var-201308-0004
Vulnerability from variot
Moxa OnCell Gateway G3111, G3151, G3211, and G3251 devices with firmware before 1.4 do not use a sufficient source of entropy for SSH and SSL keys, which makes it easier for remote attackers to obtain access by leveraging knowledge of a key from a product installation elsewhere. Moxa OnCell Gateway can communicate with remote serial / Ethernet devices through GSM / GPRS / EDGE network for data and short message transmission. By calculating the private authentication key, an attacker can gain unauthorized access to the system and read the sensitive information of the device, or send commands to the device. This aids in other attacks. There is a security vulnerability in the Moxa OnCell Gateway module using firmware 1.3 and earlier. The following devices are affected: G3111, G3151, G3211, G3251
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201308-0004",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "oncell gateway g3251",
"scope": "eq",
"trust": 1.0,
"vendor": "moxa",
"version": null
},
{
"model": "oncell gateway g3111",
"scope": "eq",
"trust": 1.0,
"vendor": "moxa",
"version": null
},
{
"model": "oncell gateway g3151",
"scope": "eq",
"trust": 1.0,
"vendor": "moxa",
"version": null
},
{
"model": "oncell gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.3"
},
{
"model": "oncell gateway g3211",
"scope": "eq",
"trust": 1.0,
"vendor": "moxa",
"version": null
},
{
"model": "oncell g3111",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "oncell g3151",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "oncell g3211",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "oncell g3251",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "oncell gateway",
"scope": "lt",
"trust": 0.8,
"vendor": "moxa",
"version": "1.4"
},
{
"model": "oncell gateway g3251",
"scope": null,
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "oncell gateway g3211",
"scope": null,
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "oncell gateway g3151",
"scope": null,
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "oncell gateway g3111",
"scope": null,
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "oncell gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "1.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-11755"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003711"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-055"
},
{
"db": "NVD",
"id": "CVE-2012-3039"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:moxa:oncell_gateway_g3111",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:moxa:oncell_gateway_g3151",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:moxa:oncell_gateway_g3211",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:moxa:oncell_gateway_g3251",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:oncell_gateway_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003711"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nadia Heninger, San Diego, Zakir Durumeric, Eric Wustrow, and J. Alex Halderman",
"sources": [
{
"db": "BID",
"id": "61610"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-055"
}
],
"trust": 0.9
},
"cve": "CVE-2012-3039",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2012-3039",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-11755",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-56320",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-3039",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2012-3039",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2013-11755",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201308-055",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-56320",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-11755"
},
{
"db": "VULHUB",
"id": "VHN-56320"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003711"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-055"
},
{
"db": "NVD",
"id": "CVE-2012-3039"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa OnCell Gateway G3111, G3151, G3211, and G3251 devices with firmware before 1.4 do not use a sufficient source of entropy for SSH and SSL keys, which makes it easier for remote attackers to obtain access by leveraging knowledge of a key from a product installation elsewhere. Moxa OnCell Gateway can communicate with remote serial / Ethernet devices through GSM / GPRS / EDGE network for data and short message transmission. By calculating the private authentication key, an attacker can gain unauthorized access to the system and read the sensitive information of the device, or send commands to the device. This aids in other attacks. There is a security vulnerability in the Moxa OnCell Gateway module using firmware 1.3 and earlier. The following devices are affected: G3111, G3151, G3211, G3251",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-3039"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003711"
},
{
"db": "CNVD",
"id": "CNVD-2013-11755"
},
{
"db": "BID",
"id": "61610"
},
{
"db": "VULHUB",
"id": "VHN-56320"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-3039",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-13-217-01",
"trust": 2.8
},
{
"db": "BID",
"id": "61610",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003711",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201308-055",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2013-11755",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-56320",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-11755"
},
{
"db": "VULHUB",
"id": "VHN-56320"
},
{
"db": "BID",
"id": "61610"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003711"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-055"
},
{
"db": "NVD",
"id": "CVE-2012-3039"
}
]
},
"id": "VAR-201308-0004",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-11755"
},
{
"db": "VULHUB",
"id": "VHN-56320"
}
],
"trust": 1.41428572875
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-11755"
}
]
},
"last_update_date": "2024-08-14T13:35:40.765000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Firmware for OnCell G3111/G3151/G3211/G3251",
"trust": 0.8,
"url": "http://www.moxa.com/support/sarch_result.aspx?type=soft\u0026prod_id=316\u0026type_id=4"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.moxa.com/"
},
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://japan.moxa.com/index.htm"
},
{
"title": "\u4ee3\u7406\u5e97\u4e00\u89a7",
"trust": 0.8,
"url": "http://japan.moxa.com/buy/Default.htm#japan"
},
{
"title": "Patch for MOXA OnCell Gateways Insufficient Entropy Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/38080"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-11755"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003711"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-56320"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003711"
},
{
"db": "NVD",
"id": "CVE-2012-3039"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-13-217-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3039"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3039"
},
{
"trust": 0.6,
"url": "http://www.isssource.com/moxa-mitigates-entropy-vulnerability/"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/61610"
},
{
"trust": 0.3,
"url": "http://www.moxa.com/product/cellular_gateway.htm"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-11755"
},
{
"db": "VULHUB",
"id": "VHN-56320"
},
{
"db": "BID",
"id": "61610"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003711"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-055"
},
{
"db": "NVD",
"id": "CVE-2012-3039"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-11755"
},
{
"db": "VULHUB",
"id": "VHN-56320"
},
{
"db": "BID",
"id": "61610"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003711"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-055"
},
{
"db": "NVD",
"id": "CVE-2012-3039"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-08-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-11755"
},
{
"date": "2013-08-09T00:00:00",
"db": "VULHUB",
"id": "VHN-56320"
},
{
"date": "2013-08-05T00:00:00",
"db": "BID",
"id": "61610"
},
{
"date": "2013-08-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003711"
},
{
"date": "2013-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-055"
},
{
"date": "2013-08-09T23:55:02.427000",
"db": "NVD",
"id": "CVE-2012-3039"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-08-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-11755"
},
{
"date": "2013-08-12T00:00:00",
"db": "VULHUB",
"id": "VHN-56320"
},
{
"date": "2013-08-05T00:00:00",
"db": "BID",
"id": "61610"
},
{
"date": "2013-08-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003711"
},
{
"date": "2013-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-055"
},
{
"date": "2013-08-12T19:28:58.983000",
"db": "NVD",
"id": "CVE-2012-3039"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201308-055"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Moxa OnCell Vulnerability of obtaining access rights in gateway product firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003711"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201308-055"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…