Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 do not properly restrict authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
NETWORK | LOW | NONE | COMPLETE | COMPLETE | COMPLETE |
Advisory | Patch | Confirmed | Link |
---|---|---|---|
92606 | | | |
https://ics-cert.us-cert.gov/advisories/ICSA-16-236-01 | | | |
Improper Authorization (ID 285)
Related CAPEC 13
Accessing Functionality Not Properly Constrained by ACLs (CAPEC-ID 1)
Cross Zone Scripting (CAPEC-ID 104)
Directory Indexing (CAPEC-ID 127)
Subverting Environment Variable Values (CAPEC-ID 13)
Accessing, Modifying or Executing Executable Files (CAPEC-ID 17)
Manipulating Opaque Client-based Data Tokens (CAPEC-ID 39)
Buffer Overflow via Symbolic Links (CAPEC-ID 45)
Poison Web Service Registry (CAPEC-ID 51)
Session Credential Falsification through Prediction (CAPEC-ID 59)
Reusing Session IDs (aka Session Replay) (CAPEC-ID 60)
Manipulating Input to File System Calls (CAPEC-ID 76)
Manipulating User-Controlled Variables (CAPEC-ID 77)
Forceful Browsing (CAPEC-ID 87)