CVE-2017-7915 (CWE-307: Improper Restriction of Excessive Authentication Attempts)
CVE-2017-7913 (CWE-256: Plaintext Storage of a Password)
CVE-2017-7917 (CWE-352: Cross-Site Request Forgery)
The following versions of OnCell, a high-speed industrial-grade IP gateway, are affected:
OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions,
OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions,
OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions,
OnCell 5104-HSDPA,
OnCell 5104-HSPA,
OnCell 5004-HSPA.
CVE-2016-9366 (CWE-307: Improper Restriction of Excessive Authentication Attempts)
CVE-2016-9365 (CWE-352: Cross-Site Request Forgery)
CVE-2016-9348 (CWE-256: Plaintext Storage of a Password)
The following Moxa NPort versions are affected:
NPort 5110 versions prior to 2.7,
NPort 5130/5150 Series versions prior to 3.7,
NPort 5200 Series versions prior to 2.9,
NPort 5400 Series versions prior to 3.12,
NPort 5600 Series versions prior to 3.8,
NPort 5100A Series & NPort P5150A versions prior to 1.4,
NPort 5200A Series versions prior to 1.4,
NPort 5150AI-M12 Series versions prior to 1.3,
NPort 5250AI-M12 Series versions prior to 1.3,
NPort 5450AI-M12 Series versions prior to 1.3,
NPort 5600-8-DT Series versions prior to 2.5,
NPort 5600-8-DTL Series versions prior to 2.5,
NPort IA5450A versions prior to v1.4,
NPort 6000 series versions prior to 1.16,
NPort 6110 series all versions.
CVE-2016-8363 (CWE-264: Permissions, Privileges, and Access Controls)
CVE-2016-8362 (CWE-287: Improper Authentication)
The following Moxa OnCell versions are affected:
OnCellG3470A-LTE,
AWK-1131A/3131A/4131A Series,
AWK-3191 Series,
AWK-5232/6232 Series,
AWK-1121/1127 Series,
WAC-1001 V2 Series,
WAC-2004 Series,
AWK-3121-M12-RTG Series,
AWK-3131-M12-RCC Series,
AWK-5232-M12-RCC Series,
TAP-6226 Series,
AWK-3121/4121 Series,
AWK-3131/4131 Series,
AWK-5222/6222 Series.
CVE-2016-8346 (CWE-284: Improper Access Control)
The following EDR-810 versions are affected:
EDR-810 using firmware versions prior to V3.13.
CVE-2016-5804 (CWE-326: Inadequate Encryption Strength)
The vulnerability affects the following products:
MGate MB3180, versions prior to v1.8,
MGate MB3280, versions prior to v2.7,
MGate MB3480, versions prior to v2.6,
MGate MB3170, versions prior to v2.5,
MGate MB3270, versions prior to v2.7.
CVE-2016-5819 (CWE-79: Improper Neutralization of Input During Web Page Generation)
CVE-2016-5799 (CWE-307: Improper Restriction of Excessive Authentication Attempts)
CVE-2016-5812 (CWE-256: Plaintext Storage of a Password)
The following Moxa OnCell versions are affected:
OnCell G3100V2 Series, editions prior to Version 2.8,
OnCell G3111/G3151/G3211/G3251 Series, editions prior to Version 1.7.
The following Moxa devices are also affected (CVE-2016-5799 and CVE-2016-5812), but not listed in the advisory:
OnCell G3150/5004 Series,
NPort 5250A Series,
MiiNePort E2.
CVE-2016-4503 (CWE-639: Authorization Bypass Through User-Controlled Key)
The following Device Server Web Console 5232-N versions are affected:
Device Server Web Console 5232-N, all versions.
CVE-2016-0875 (CWE-284: Improper Access Control)
CVE-2016-0876 (CWE-256: Plaintext Storage of a Password)
CVE-2016-0877 (CWE-401: Improper Release of Memory Before Removing Last Reference)
CVE-2016-0878 (CWE-400: Uncontrolled Resource Consumption)
CVE-2016-0879 (CWE-264: Permissions, Privileges, and Access Controls)
The following Moxa Secure Routers are affected:
EDR-G903 Versions V3.4.11 and older.