CVE-2016-9361
high-risk
Published 2017-02-13
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Administration passwords can be retried without authenticating.
Do I need to act?
49.6% chance of exploitation in next 30 days
EPSS score — higher than 50% of all CVEs
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 9.8/10 · Critical · NETWORK / LOW complexity
Affected Products (10)
NPort 5100 Series Firmware
NPort 5200 Series Firmware
NPort P5150A Series Firmware
NPort 5200A Series Firmware
NPort 5X50A1-M12 Series Firmware
NPort 5600-8-DTL Series Firmware
NPort 5400 Series Firmware
NPort 5600 Series Firmware
NPort 5100A Series Firmware
NPort 6100 Series Firmware
Affected Vendors
References (4)
Third Party Advisory
http://www.securityfocus.com/bid/85965
Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02
66 / 100 · high-risk
Severity: 32/34 · Critical
Exploitability: 18/34 · Moderate
Exposure: 16/34 · Moderate