CVE-2016-2286 - OpenCVE

Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 have a blank default password, which allows remote attackers to obtain access via unspecified vectors.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Moxa	Miineport E1 7080 Firmware Miineport E2 4561 Firmware Miineport E1 7080 Miineport E1 4641 Firmware Miineport E2 1242 Firmware Miineport E1 4641 Miineport E3 Firmware Miineport E2 1242 Miineport E3 Miineport E2 4561

Configuration 1 [-]

AND

cpe:2.3:h:moxa:miineport_e2_1242:-:*:*:*:*:*:*:*

cpe:2.3:o:moxa:miineport_e2_1242_firmware:1.1:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:moxa:miineport_e1_7080:-:*:*:*:*:*:*:*

cpe:2.3:o:moxa:miineport_e1_7080_firmware:1.1.10:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:moxa:miineport_e2_4561:-:*:*:*:*:*:*:*

cpe:2.3:o:moxa:miineport_e2_4561_firmware:1.1:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:h:moxa:miineport_e3:-:*:*:*:*:*:*:*

cpe:2.3:o:moxa:miineport_e3_firmware:1.0:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:h:moxa:miineport_e1_4641:-:*:*:*:*:*:*:*

cpe:2.3:o:moxa:miineport_e1_4641_firmware:1.1.10:*:*:*:*:*:*:*

References

Link	Resource
http://seclists.org/fulldisclosure/2016/May/7
https://ics-cert.us-cert.gov/advisories/ICSA-16-145-01	Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2016-05-31T01:00:00

Updated: 2016-11-28T20:57:01

Reserved: 2016-02-09T00:00:00

Link: CVE-2016-2286

JSON object: View

NVD Information

Status : Modified

Published: 2016-05-31T01:59:05.947

Modified: 2016-11-30T03:04:48.233

Link: CVE-2016-2286

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-05-24T00:00:00", "descriptions": [{"lang": "en", "value": "Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 have a blank default password, which allows remote attackers to obtain access via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-28T20:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"name": "20160503 Moxa MiiNePort - Multiple Vulnerabilities", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2016/May/7"}, {"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-145-01"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2016-2286", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 have a blank default password, which allows remote attackers to obtain access via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20160503 Moxa MiiNePort - Multiple Vulnerabilities", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2016/May/7"}, {"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-145-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-145-01"}]}}}}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2016-2286", "datePublished": "2016-05-31T01:00:00", "dateReserved": "2016-02-09T00:00:00", "dateUpdated": "2016-11-28T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:miineport_e2_1242:-:*:*:*:*:*:*:*", "matchCriteriaId": "11908A9E-F663-465E-8B82-BF87E3784B47", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:miineport_e2_1242_firmware:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8E792AAB-B443-4B47-B107-A63E13A63BC2", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:miineport_e1_7080:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C447CD7-DE56-400E-A2FE-DBDB2C823582", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:miineport_e1_7080_firmware:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "4146FD5D-353C-46B7-B20E-332938FBF293", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:miineport_e2_4561:-:*:*:*:*:*:*:*", "matchCriteriaId": "E91547AA-0065-45E2-9F2B-FF3B72BD45E3", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:miineport_e2_4561_firmware:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "C3066833-C70E-47C1-A9DE-C2BB45F2A705", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:miineport_e3:-:*:*:*:*:*:*:*", "matchCriteriaId": "C0017FB3-ADDC-477E-B4CD-4BFF1977CED0", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:miineport_e3_firmware:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "99CDEEBE-99D9-4236-9607-04395FA566DD", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:miineport_e1_4641:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6D91144-8D7D-4DED-B095-0033BD8F05C2", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:miineport_e1_4641_firmware:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "33701ECB-E809-4969-8C98-F6E177E769A4", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 have a blank default password, which allows remote attackers to obtain access via unspecified vectors."}, {"lang": "es", "value": "Dispositivos Moxa MiiNePort_E1_4641 con firmware 1.1.10 Build 09120714, dispositivos MiiNePort_E1_7080 con firmware 1.1.10 Build 09120714, dispositivos MiiNePort_E2_1242 con firmware 1.1 Build 10080614, dispositivos MiiNePort_E2_4561 con firmware 1.1 Build 10080614 y dispositivos MiiNePort E3 con firmware 1.0 Build 11071409 tienen una contrase\u00f1a en blanco por defecto, lo que permite a atacantes remotos obtener acceso a trav\u00e9s de vectores no especificados."}], "id": "CVE-2016-2286", "lastModified": "2016-11-30T03:04:48.233", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-05-31T01:59:05.947", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "http://seclists.org/fulldisclosure/2016/May/7"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-145-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}