CVE-2022-2044 - OpenCVE

MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that may allow an attacker to overwrite values in memory, causing a denial-of-service condition or potentially bricking the device.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Moxa	Nport 5110 Nport 5110 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:moxa:nport_5110_firmware:2.10:*:*:*:*:*:*:*

cpe:2.3:h:moxa:nport_5110:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-04

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2022-08-31T15:59:34.511588Z

Updated: 2024-09-16T17:07:42.838Z

Reserved: 2022-06-09T00:00:00

Link: CVE-2022-2044

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-08-31T16:15:10.710

Modified: 2022-09-06T18:20:18.253

Link: CVE-2022-2044

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "MOXA", "vendor": "MOXA", "versions": [{"status": "affected", "version": "Firmware Versions 2.10"}]}], "datePublic": "2022-07-26T00:00:00", "descriptions": [{"lang": "en", "value": "MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that may allow an attacker to overwrite values in memory, causing a denial-of-service condition or potentially bricking the device."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-31T15:59:34", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-04"}], "source": {"advisory": "ICSA-22-207-04", "discovery": "EXTERNAL"}, "title": "MOXA NPort 5110 Out-of-bounds Write", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2022-07-26T14:06:00.000Z", "ID": "CVE-2022-2044", "STATE": "PUBLIC", "TITLE": "MOXA NPort 5110 Out-of-bounds Write"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "MOXA", "version": {"version_data": [{"version_affected": "=", "version_value": "Firmware Versions 2.10"}]}}]}, "vendor_name": "MOXA"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that may allow an attacker to overwrite values in memory, causing a denial-of-service condition or potentially bricking the device."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-787 Out-of-bounds Write"}]}]}, "references": {"reference_data": [{"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-04", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-04"}]}, "source": {"advisory": "ICSA-22-207-04", "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:24:44.078Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-04"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2022-2044", "datePublished": "2022-08-31T15:59:34.511588Z", "dateReserved": "2022-06-09T00:00:00", "dateUpdated": "2024-09-16T17:07:42.838Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:nport_5110_firmware:2.10:*:*:*:*:*:*:*", "matchCriteriaId": "13E91A69-BD97-4353-8939-9ED34DD9A149", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:nport_5110:-:*:*:*:*:*:*:*", "matchCriteriaId": "B9D28B00-C0BD-4B70-B871-9D18F37DCBE9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that may allow an attacker to overwrite values in memory, causing a denial-of-service condition or potentially bricking the device."}, {"lang": "es", "value": "MOXA NPort 5110: Versiones de Firmware 2.10, son vulnerables a una escritura fuera de l\u00edmites que puede permitir a un atacante sobrescribir valores en la memoria, causando una condici\u00f3n de denegaci\u00f3n de servicio o potencialmente brickeando el dispositivo"}], "id": "CVE-2022-2044", "lastModified": "2022-09-06T18:20:18.253", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2022-08-31T16:15:10.710", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-04"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}