Detections
Analytics
Moxa OnCell Arbitrary OS Commands Execution (CVE-2016-8363)
critical Tenable OT Security Plugin ID 501502
Synopsis
The remote OT asset is affected by a vulnerability.Description
An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series, and AWK-5222/6222 Series. User is able to execute arbitrary OS commands on the server.This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
Solution
Refer to the vendor advisory.See Also
Plugin Details
Severity: Critical
ID: 501502
Version: 1.1
Type: remote
Family: Tenable.ot
Published: 8/2/2023
Updated: 8/3/2023
Supported Sensors: Tenable OT Security
Risk Information
VPR
Risk Factor: Medium
Score: 6.5
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2016-8363
CVSS v3
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:moxa:awk-1121_firmware, cpe:/o:moxa:awk-1127_firmware, cpe:/o:moxa:awk-1131a_firmware, cpe:/o:moxa:awk-3121-m12-rtg_firmware, cpe:/o:moxa:awk-3131-m12-rcc_firmware, cpe:/o:moxa:awk-3131a_firmware, cpe:/o:moxa:awk-3191_firmware, cpe:/o:moxa:awk-3121_firmware, cpe:/o:moxa:awk-321_firmware, cpe:/o:moxa:awk-4131a_firmware, cpe:/o:moxa:awk-5232-m12-rcc_firmware, cpe:/o:moxa:awk-5232_firmware, cpe:/o:moxa:awk-6226_firmware, cpe:/o:moxa:awk-6232_firmware
Required KB Items: Tenable.ot/Moxa
Exploit Ease: No known exploits are available
Patch Publication Date: 2/13/2017
Vulnerability Publication Date: 2/13/2017
Reference Information
CVE: CVE-2016-8363
CWE: 264