Authentication Bypass Vulnerability in Moxa OnCell Devices
CVE-2016-5799

9.8CRITICAL

Key Information:

Vendor: Moxa
Status: Oncell G3001 Firmware
Vendor: CVE Published:; 24 August 2016

Summary

Moxa OnCell G3100V2 and several other OnCell models are impacted by an authentication bypass vulnerability that allows remote attackers to execute brute-force attempts to gain unauthorized access. This flaw stems from the devices not sufficiently limiting the number of authentication attempts, potentially leading to significant security risks and unauthorized control over the affected devices.

References

https://ics-cert.us-cert.gov/advisories/ICSA-16-236-01

x_refsource_MISC

http://www.securityfocus.com/bid/92606

vdb-entryx_refsource_BID

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 24, 2016
Vulnerability Reserved
Jun 23, 2016