Moxa NPort身份验证漏洞
CVE编号
CVE-2016-9366利用情况
暂无补丁情况
N/A披露时间
2017-02-14漏洞描述
MOXA Nport是一款串口通讯服务器。 Moxa NPort存在身份验证漏洞。攻击者利用漏洞可暴力破解绕过身份验证。解决建议
厂商已发布了升级版本,请及时下载更新:NPort 5110 Version 2.6:http://www.moxa.com/support/download.aspx?type=support&id=882 (link is external)NPort 5130/5150 Series Version 3.6:http://www.moxa.com/support/download.aspx?type=support&id=356 (link is external)NPort 5200 Series Version 2.8:http://www.moxa.com/support/download.aspx?type=support&id=904 (link is external)NPort 5400 Series Version 3.11:http://www.moxa.com/support/download.aspx?type=support&id=925 (link is external)NPort 5600 Series Version 3.7:http://www.moxa.com/support/download.aspx?type=support&id=905 (link is external)NPort 5100A Series & NPort P5150A Version 1.3:http://www.moxa.com/support/download.aspx?type=support&id=1403 (link is external)NPort 5200A Series Version 1.3:http://www.moxa.com/support/download.aspx?type=support&id=1462 (link is external)NPort 5150AI-M12 Series Version 1.2:http://www.moxa.com/support/download.aspx?type=support&id=2206 (link is external)NPort 5250AI-M12 Series Version 1.2:http://www.moxa.com/support/download.aspx?type=support&id=2207 (link is external)NPort 5450AI-M12 Series Version 1.2:http://www.moxa.com/support/download.aspx?type=support&id=2208 (link is external)NPort 5600-8-DT Series Version 2.4:http://www.moxa.com/support/download.aspx?type=support&id=938 (link is external)NPort 5600-8-DTL Series Version 1.3:http://www.moxa.com/support/download.aspx?type=support&id=1819 (link is external)NPort 6x50 Series Version 1.14:http://www.moxa.com/support/download.aspx?type=support&id=733 (link is external)NPort IA5450A Version 1.4:http://www.moxa.com/support/download.aspx?type=support&id=1469
参考链接 |
|
|---|---|
| http://www.securityfocus.com/bid/85965 | |
| https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02 |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 系统 | moxa | nport_5100a_series_firmware | * | Up to (including) 1.2 | |||||
| 运行在以下环境 | |||||||||
| 系统 | moxa | nport_5100_series_firmware | * | Up to (including) 2.5 | |||||
| 运行在以下环境 | |||||||||
| 系统 | moxa | nport_5100_series_firmware | * | Up to (including) 3.5 | |||||
| 运行在以下环境 | |||||||||
| 系统 | moxa | nport_5200a_series_firmware | * | Up to (including) 1.2 | |||||
| 运行在以下环境 | |||||||||
| 系统 | moxa | nport_5200_series_firmware | * | Up to (including) 2.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | moxa | nport_5400_series_firmware | * | Up to (including) 3.10 | |||||
| 运行在以下环境 | |||||||||
| 系统 | moxa | nport_5600_series_firmware | * | Up to (including) 3.6 | |||||
| 运行在以下环境 | |||||||||
| 系统 | moxa | nport_5x50a1-m12_series_firmware | * | Up to (including) 1.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | moxa | nport_6100_series_firmware | * | Up to (including) 1.13 | |||||
| 运行在以下环境 | |||||||||
| 系统 | moxa | nport_p5150a_series_firmware | * | Up to (including) 1.2 | |||||
| 运行在以下环境 | |||||||||
| 硬件 | moxa | nport_5110 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | moxa | nport_5110a | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | moxa | nport_5130 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | moxa | nport_5130a | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | moxa | nport_5150 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | moxa | nport_5150a | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | moxa | nport_5150a1-m12 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | moxa | nport_5150a1-m12-ct | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | moxa | nport_5150a1-m12-ct-t | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | moxa | nport_5150a1-m12-t | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | moxa | nport_5210 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | moxa | nport_5210a | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | moxa | nport_5230 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | moxa | nport_5230a | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | moxa | nport_5232 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | moxa | nport_5232i | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | moxa | nport_5250a | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | moxa | nport_5250a1-m12 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | moxa | nport_5250a1-m12-ct | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | moxa | nport_5250a1-m12-ct-t | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | moxa | nport_5250a1-m12-t | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | moxa | nport_5410 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | moxa | nport_5430 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | moxa | nport_5430i | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | moxa | nport_5450 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | moxa | nport_5450-t | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | moxa | nport_5450a1-m12 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | moxa | nport_5450a1-m12-ct | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | moxa | nport_5450a1-m12-ct-t | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | moxa | nport_5450a1-m12-t | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | moxa | nport_5450i | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | moxa | nport_5450i-t | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | moxa | nport_5600-8-dtl_series_firmware | * | Up to (including) 2.3 | |||||
| 运行在以下环境 | |||||||||
| 硬件 | moxa | nport_5610 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | moxa | nport_5610-8-dtl | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | moxa | nport_5630 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | moxa | nport_5650 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | moxa | nport_5650-8-dtl | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | moxa | nport_5650i-8-dtl | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | moxa | nport_6150 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | moxa | nport_6150-t | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | moxa | nport_p5110a | - | - | |||||
- 攻击路径 网络
- 攻击复杂度 低
- 权限要求 无
- 影响范围 未更改
- 用户交互 无
- 可用性 高
- 保密性 高
- 完整性 高
| CWE-ID | 漏洞类型 |
| CWE-264 | 权限、特权和访问控制 |
Exp相关链接
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
评论