CVE-2018-10632 - OpenCVE

In Moxa NPort 5210, 5230, and 5232 versions 2.9 build 17030709 and prior, the amount of resources requested by a malicious actor are not restricted, allowing for a denial-of-service condition.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Moxa	Nport 5210 Nport 5210 Firmware Nport 5230 Nport 5230 Firmware Nport 5232 Nport 5232 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:moxa:nport_5230_firmware:2.9:*:*:*:*:*:*:*

cpe:2.3:h:moxa:nport_5230:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:moxa:nport_5232_firmware:2.9:*:*:*:*:*:*:*

cpe:2.3:h:moxa:nport_5232:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:moxa:nport_5210_firmware:2.9:*:*:*:*:*:*:*

cpe:2.3:h:moxa:nport_5210:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/104863
https://ics-cert.us-cert.gov/advisories/ICSA-18-200-04

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2018-07-24T17:00:00Z

Updated: 2024-09-17T03:23:02.337Z

Reserved: 2018-05-01T00:00:00

Link: CVE-2018-10632

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-07-24T17:29:00.307

Modified: 2019-10-09T23:32:57.853

Link: CVE-2018-10632

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "NPort 5210, 5230, and 5232", "vendor": "Moxa", "versions": [{"status": "affected", "version": "2.9 build 17030709 and prior"}]}], "datePublic": "2018-07-19T00:00:00", "descriptions": [{"lang": "en", "value": "In Moxa NPort 5210, 5230, and 5232 versions 2.9 build 17030709 and prior, the amount of resources requested by a malicious actor are not restricted, allowing for a denial-of-service condition."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "UNCONTROLLED RESOURCE CONSUMPTION ('RESOURCE EXHAUSTION') CWE-400", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-07-25T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"name": "104863", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/104863"}, {"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-04"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2018-07-19T00:00:00", "ID": "CVE-2018-10632", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "NPort 5210, 5230, and 5232", "version": {"version_data": [{"version_value": "2.9 build 17030709 and prior"}]}}]}, "vendor_name": "Moxa"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Moxa NPort 5210, 5230, and 5232 versions 2.9 build 17030709 and prior, the amount of resources requested by a malicious actor are not restricted, allowing for a denial-of-service condition."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "UNCONTROLLED RESOURCE CONSUMPTION ('RESOURCE EXHAUSTION') CWE-400"}]}]}, "references": {"reference_data": [{"name": "104863", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104863"}, {"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-04", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-04"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T07:46:46.303Z"}, "title": "CVE Program Container", "references": [{"name": "104863", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/104863"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-04"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2018-10632", "datePublished": "2018-07-24T17:00:00Z", "dateReserved": "2018-05-01T00:00:00", "dateUpdated": "2024-09-17T03:23:02.337Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:nport_5230_firmware:2.9:*:*:*:*:*:*:*", "matchCriteriaId": "6B89FA95-9500-4B96-AC2D-B24A555A4946", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:nport_5230:-:*:*:*:*:*:*:*", "matchCriteriaId": "A98BEE65-958C-45B0-915B-BEB39E356CBE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:nport_5232_firmware:2.9:*:*:*:*:*:*:*", "matchCriteriaId": "C2039BE6-9D5D-4461-90DD-21C10414EC60", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:nport_5232:-:*:*:*:*:*:*:*", "matchCriteriaId": "C40A47B2-55B7-43E3-9E01-34CB57D16267", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:nport_5210_firmware:2.9:*:*:*:*:*:*:*", "matchCriteriaId": "0276362C-31A2-41F8-9430-4C8694817519", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:nport_5210:-:*:*:*:*:*:*:*", "matchCriteriaId": "18402F31-34ED-431B-A9D3-1EDC546B9381", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Moxa NPort 5210, 5230, and 5232 versions 2.9 build 17030709 and prior, the amount of resources requested by a malicious actor are not restricted, allowing for a denial-of-service condition."}, {"lang": "es", "value": "En Moxa NPort 5210, 5230 y 5232 en versiones 2.9 build 17030709 y anteriores, la cantidad de recursos solicitada por un actor malicioso no est\u00e1 restringida, lo que permite una condici\u00f3n de denegaci\u00f3n de servicio (DoS)."}], "id": "CVE-2018-10632", "lastModified": "2019-10-09T23:32:57.853", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-07-24T17:29:00.307", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104863"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-04"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}