CVE-2016-5799

EPSS 0.9%
Veröffentlicht 24.08.2016 02:00:24
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 do not properly restrict authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Moxa ≫ Oncell G3001 Firmware Version <= 1.6

   Moxa ≫ Oncell G3111 Version-
   Moxa ≫ Oncell G3151 Version-
   Moxa ≫ Oncell G3211 Version-
   Moxa ≫ Oncell G3251 Version-

Moxa ≫ Oncell G3100v2 Firmware Version <= 2.7

Moxa ≫ Oncell G3100v2 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.9%	0.748

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

http://www.securityfocus.com/bid/92606

https://ics-cert.us-cert.gov/advisories/ICSA-16-236-01

Third Party Advisory

US Government Resource

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2016-5799

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-5799

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-5799

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2016-5799