CVE-2016-9366
moderate-risk
Published 2017-02-13
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. An attacker can freely use brute force to determine parameters needed to bypass authentication.
Do I need to act?
-
0.18% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (10)
Nport 5100 Series Firmware
Nport 5200 Series Firmware
Nport P5150A Series Firmware
Nport 5200A Series Firmware
Nport 5X50A1-M12 Series Firmware
Nport 5600-8-Dtl Series Firmware
Nport 5400 Series Firmware
Nport 5600 Series Firmware
Nport 5100A Series Firmware
Nport 6100 Series Firmware
Affected Vendors
References (4)
Third Party Advisory
http://www.securityfocus.com/bid/85965
Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02
Third Party Advisory
http://www.securityfocus.com/bid/85965
Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02
49
/ 100
moderate-risk
Severity
32/34 · Critical
Exploitability
1/34 · Minimal
Exposure
16/34 · Moderate