CVE-2017-7913

Published: May 29, 2017Modified: May 13, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A Plaintext Storage of a Password issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. The application's configuration file contains parameters that represent passwords in plaintext.

Affected (6)

Products: Moxa: Oncell G3110 Hspa Firmware, Oncell G3110 Hsdpa Firmware, Oncell G3150 Hsdpa Firmware, Oncell 5104 Hsdpa Firmware, Oncell 5104 Hspa Firmware, Oncell 5004 Hspa Firmware

Moxa

6 products

Oncell G3110 Hspa Firmware

Oncell G3110 Hsdpa Firmware

Oncell G3150 Hsdpa Firmware

Oncell 5104 Hsdpa Firmware

Oncell 5104 Hspa Firmware

Oncell 5004 Hspa Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Oncell G3110 Hspa Firmware	Up to 1.3

Running on/with	Platform Versions
Moxa Oncell G3110 Hspa	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Oncell G3110 Hsdpa Firmware	Up to 1.2

Running on/with	Platform Versions
Moxa Oncell G3110 Hsdpa	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Oncell G3150 Hsdpa Firmware	Up to 1.4

Running on/with	Platform Versions
Moxa Oncell G3150 Hsdpa	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Oncell 5104 Hsdpa Firmware	Up to -

Running on/with	Platform Versions
Moxa Oncell 5104 Hsdpa	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Oncell 5104 Hspa Firmware	Up to -

Running on/with	Platform Versions
Moxa Oncell 5104 Hspa	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Oncell 5004 Hspa Firmware	Up to -

Running on/with	Platform Versions
Moxa Oncell 5004 Hspa	All versions

Related CWEs

CWE-256

Plaintext Storage of a Password

Storing a password in plaintext may result in a system compromise.

CWE-522

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (2)

https://ics-cert.us-cert.gov/advisories/ICSA-17-143-01

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://ics-cert.us-cert.gov/advisories/ICSA-17-143-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.