CVE-2016-5819

Moxa G3100V2 Series, editions prior to Version 2.8, and OnCell G3111/G3151/G3211/G3251 Series, editions prior to Version 1.7 allows a reflected cross-site scripting attack which may allow an attacker to execute arbitrary script code in the user’s browser within the trust relationship between their browser and the server.

CVSS v3 6.1 MEDIUM
CVSS v2.0 4.3 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

Vector : AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://ics-cert.us-cert.gov/advisories/ICSA-16-236-01	US Government Resource Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:moxa:oncell_g3100v2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:oncell_g3100v2:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:moxa:oncell_g3111_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:oncell_g3111:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:moxa:oncell_g3151_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:oncell_g3151:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:moxa:oncell_g3211_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:oncell_g3211:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:moxa:oncell_g3251_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:oncell_g3251:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-03-21 15:59

Updated : 2024-02-28 17:08

NVD link : CVE-2016-5819

Mitre link : CVE-2016-5819

CVE.ORG link : CVE-2016-5819

JSON object : View

Products Affected

moxa

oncell_g3111_firmware
oncell_g3251_firmware
oncell_g3100v2
oncell_g3211_firmware
oncell_g3251
oncell_g3211
oncell_g3151
oncell_g3151_firmware
oncell_g3111
oncell_g3100v2_firmware

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2016-5819", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2019-03-21T15:59:41.420", "references": [{"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-236-01", "tags": ["US Government Resource", "Third Party Advisory"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Moxa G3100V2 Series, editions prior to Version 2.8, and OnCell G3111/G3151/G3211/G3251 Series, editions prior to Version 1.7 allows a reflected cross-site scripting attack which may allow an attacker to execute arbitrary script code in the user\u2019s browser within the trust relationship between their browser and the server."}, {"lang": "es", "value": "Las series Moxa G3100V2, ediciones anteriores a la Versi\u00f3n 2.8, y OnCell G3111 / G3151 / G3211 / G3251 Series, ediciones anteriores a la Versi\u00f3n 1.7 permiten un ataque de secuencias de comandos en sitios cruzados que puede permitir que un atacante ejecute c\u00f3digo de script arbitrario en el navegador del usuario relaci\u00f3n de confianza entre su navegador y el servidor."}], "lastModified": "2020-02-10T21:34:47.700", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moxa:oncell_g3100v2_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C6A14A3-F1E4-47D9-89FE-EF45C955E8BC", "versionEndExcluding": "2.8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moxa:oncell_g3100v2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A008AD02-4630-46E0-9F90-5078304C99A3"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moxa:oncell_g3111_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50049E4A-9BD4-4551-8BD7-A6C04E246F83", "versionEndExcluding": "1.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moxa:oncell_g3111:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3EBDEE8E-ADD2-471D-8DC9-E7FEAB6FCB85"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moxa:oncell_g3151_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24DCC9CE-D9BF-4163-9735-1132AB9CDEB7", "versionEndExcluding": "1.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moxa:oncell_g3151:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D13AE8D7-9DE6-44B7-8F14-3D8E75F49069"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moxa:oncell_g3211_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D439CDF-5D62-482C-9094-5A2F26EDFACB", "versionEndExcluding": "1.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moxa:oncell_g3211:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8982D766-7245-4F31-BAD2-E75DCBDDFEC3"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moxa:oncell_g3251_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4FEF852-300C-4D92-BF6F-43BAE76B8945", "versionEndExcluding": "1.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moxa:oncell_g3251:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1DD3EA88-FD22-4CB1-A64F-84D0B9316ED8"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}