CVE-2016-5816 - OpenCVE

A Use of Hard-Coded Cryptographic Key issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded private cryptographic keys that may allow an attacker to decrypt traffic from any other source.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Westermo	Mrd-305-din Mrd-305-din Firmware Mrd-315-din Mrd-315-din Firmware Mrd-355-din Mrd-355-din Firmware Mrd-455-din Mrd-455-din Firmware

Configuration 1 [-]

AND

cpe:2.3:h:westermo:mrd-305-din:-:*:*:*:*:*:*:*

cpe:2.3:o:westermo:mrd-305-din_firmware:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:westermo:mrd-315-din:-:*:*:*:*:*:*:*

cpe:2.3:o:westermo:mrd-315-din_firmware:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:westermo:mrd-355-din:-:*:*:*:*:*:*:*

cpe:2.3:o:westermo:mrd-355-din_firmware:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:h:westermo:mrd-455-din:-:*:*:*:*:*:*:*

cpe:2.3:o:westermo:mrd-455-din_firmware:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://ics-cert.us-cert.gov/advisories/ICSA-17-236-01

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2017-08-25T16:00:00

Updated: 2024-08-06T01:15:10.654Z

Reserved: 2016-06-23T00:00:00

Link: CVE-2016-5816

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-08-25T16:29:00.190

Modified: 2017-08-30T16:58:29.660

Link: CVE-2016-5816

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-08-25T00:00:00", "descriptions": [{"lang": "en", "value": "A Use of Hard-Coded Cryptographic Key issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded private cryptographic keys that may allow an attacker to decrypt traffic from any other source."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-25T15:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-236-01"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2016-5816", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Use of Hard-Coded Cryptographic Key issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded private cryptographic keys that may allow an attacker to decrypt traffic from any other source."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-236-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-236-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:15:10.654Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-236-01"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2016-5816", "datePublished": "2017-08-25T16:00:00", "dateReserved": "2016-06-23T00:00:00", "dateUpdated": "2024-08-06T01:15:10.654Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:westermo:mrd-305-din:-:*:*:*:*:*:*:*", "matchCriteriaId": "B9962B99-63CF-489E-95B4-A26F851F64E6", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:westermo:mrd-305-din_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "12D52093-D913-47EA-80F1-927355BB543F", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:westermo:mrd-315-din:-:*:*:*:*:*:*:*", "matchCriteriaId": "D7E32165-E272-4ADD-B14F-585950E25A7C", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:westermo:mrd-315-din_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "53BB09CA-7887-4422-BB7F-2B6FEFDD81A4", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:westermo:mrd-355-din:-:*:*:*:*:*:*:*", "matchCriteriaId": "5305D4F0-10A0-4B6A-97B2-C49EE527088E", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:westermo:mrd-355-din_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "ED01C8B2-2A75-4420-8156-F7B53C50E269", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:westermo:mrd-455-din:-:*:*:*:*:*:*:*", "matchCriteriaId": "B043DE84-41F2-4AE2-8254-275FDED1ED77", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:westermo:mrd-455-din_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7777DED-BF73-4512-813E-2F858D787DB9", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A Use of Hard-Coded Cryptographic Key issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded private cryptographic keys that may allow an attacker to decrypt traffic from any other source."}, {"lang": "es", "value": "Se ha descubierto un problema de uso de clave criptogr\u00e1fica codificada de forma r\u00edgida en MRD-305-DIN en versiones anteriores a la 1.7.5.0, y MRD-315, MRD-355, MRD-455 en versiones anteriores a la 1.7.5.0. El dispositivo emplea claves criptogr\u00e1ficas privadas codificadas de forma r\u00edgida que podr\u00edan permitir que un atacante descifre el tr\u00e1fico desde cualquier otro origen."}], "id": "CVE-2016-5816", "lastModified": "2017-08-30T16:58:29.660", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-08-25T16:29:00.190", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-236-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}