Vulnerabilities > CVE-2017-7915 - Improper Restriction of Excessive Authentication Attempts vulnerability in Moxa products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

moxa

CWE-307

critical

NVD

Published: 2017-05-29

Updated: 2019-10-09

Summary

An Improper Restriction of Excessive Authentication Attempts issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. An attacker can freely use brute force to determine parameters needed to bypass authentication.

Vulnerable Configurations

Part	Description	Count
OS	Moxa Moxa Oncell G3110 Hspa Firmware 1.3 Moxa Oncell G3110 Hsdpa Firmware 1.2 Moxa Oncell G3150 Hsdpa Firmware 1.4 Moxa Oncell 5104 Hsdpa Firmware - Moxa Oncell 5104 Hspa Firmware - Moxa Oncell 5004 Hspa Firmware -	6
Hardware	Moxa Moxa Oncell G3110 Hspa - Moxa Oncell G3110 Hsdpa - Moxa Oncell G3150 Hsdpa - Moxa Oncell 5104 Hsdpa - Moxa Oncell 5104 Hspa - Moxa Oncell 5004 Hspa -	6

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

References

https://ics-cert.us-cert.gov/advisories/ICSA-17-143-01