CVE-2016-8372 — HIGH (8.1) — White Hats Nepal

Q: How severe is CVE-2016-8372?

CVE-2016-8372 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-8372?

Check the references section above for vendor advisories and patch information. Affected products include: Moxa Iologik E1200 Series Firmware, Moxa Iologik E1210, Moxa Iologik E1212, Moxa Iologik E1214, Moxa Iologik E1241.

Vulnerability Description

An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik E1240, firmware Version V2.3 and prior, ioLogik E1241, firmware Version V2.4 and prior, ioLogik E1242, firmware Version V2.4 and prior, ioLogik E1260, firmware Version V2.4 and prior, ioLogik E1262, firmware Version V2.4 and prior, ioLogik E2210, firmware versions prior to V3.13, ioLogik E2212, firmware versions prior to V3.14, ioLogik E2214, firmware versions prior to V3.12, ioLogik E2240, firmware versions prior to V3.12, ioLogik E2242, firmware versions prior to V3.12, ioLogik E2260, firmware versions prior to V3.13, and ioLogik E2262, firmware versions prior to V3.12. A password is transmitted in a format that is not sufficiently secure.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Moxa	Iologik E1200 Series Firmware	<= 2.4
Moxa	Iologik E1210	-
Moxa	Iologik E1212	-
Moxa	Iologik E1214	-
Moxa	Iologik E1241	-
Moxa	Iologik E1242	-
Moxa	Iologik E1260	-
Moxa	Iologik E1262	-
Moxa	Iologik E1211	-
Moxa	Iologik E1240	-
Moxa	Iologik E1213	-
Moxa	Iologik E2200 Series Firmware	<= 3.11
Moxa	Iologik E2214	-
Moxa	Iologik E2240	-
Moxa	Iologik E2242	-
Moxa	Iologik E2262	-
Moxa	Iologik E2210	-
Moxa	Iologik E2260	-
Moxa	Iologik E2212	-

Related Weaknesses (CWE)

CWE-255

References

http://www.securityfocus.com/bid/93550Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-16-287-05Third Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/93550Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-16-287-05Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2016-8372?

CVE-2016-8372 is a vulnerability with a CVSS score of 8.1 (HIGH). An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware ...

How severe is CVE-2016-8372?

CVE-2016-8372 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-8372?

Check the references section above for vendor advisories and patch information. Affected products include: Moxa Iologik E1200 Series Firmware, Moxa Iologik E1210, Moxa Iologik E1212, Moxa Iologik E1214, Moxa Iologik E1241.