Vulnerability Description
Moxa OnCell Gateway G3111, G3151, G3211, and G3251 devices with firmware before 1.4 do not use a sufficient source of entropy for SSH and SSL keys, which makes it easier for remote attackers to obtain access by leveraging knowledge of a key from a product installation elsewhere.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moxa | Oncell Gateway Firmware | <= 1.3 |
| Moxa | Oncell Gateway G3111 | - |
| Moxa | Oncell Gateway G3151 | - |
| Moxa | Oncell Gateway G3211 | - |
| Moxa | Oncell Gateway G3251 | - |
Related Weaknesses (CWE)
References
- http://ics-cert.us-cert.gov/advisories/ICSA-13-217-01US Government Resource
- http://ics-cert.us-cert.gov/advisories/ICSA-13-217-01US Government Resource
FAQ
What is CVE-2012-3039?
CVE-2012-3039 is a vulnerability with a CVSS score of 7.1 (HIGH). Moxa OnCell Gateway G3111, G3151, G3211, and G3251 devices with firmware before 1.4 do not use a sufficient source of entropy for SSH and SSL keys, which makes it easier for remote attackers to obtain...
How severe is CVE-2012-3039?
CVE-2012-3039 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-3039?
Check the references section above for vendor advisories and patch information. Affected products include: Moxa Oncell Gateway Firmware, Moxa Oncell Gateway G3111, Moxa Oncell Gateway G3151, Moxa Oncell Gateway G3211, Moxa Oncell Gateway G3251.