CVE-2016-9369

EPSS 7.4%
Veröffentlicht 13.02.2017 21:59:02
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4.  Firmware can be updated over the network without authentication, which may allow remote code execution.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Moxa ≫ Nport 5100 Series Firmware Version <= 2.5

Moxa ≫ Nport 5110 Version-

Moxa ≫ Nport 5100 Series Firmware Version <= 3.5

Moxa ≫ Nport 5130 Version-
Moxa ≫ Nport 5150 Version-

Moxa ≫ Nport 5200 Series Firmware Version <= 2.7

   Moxa ≫ Nport 5210 Version-
   Moxa ≫ Nport 5230 Version-
   Moxa ≫ Nport 5232 Version-
   Moxa ≫ Nport 5232i Version-

Moxa ≫ Nport 5400 Series Firmware Version <= 3.10

   Moxa ≫ Nport 5410 Version-
   Moxa ≫ Nport 5430 Version-
   Moxa ≫ Nport 5430i Version-
   Moxa ≫ Nport 5450 Version-
   Moxa ≫ Nport 5450-t Version-
   Moxa ≫ Nport 5450i Version-
   Moxa ≫ Nport 5450i-t Version-

Moxa ≫ Nport 5600 Series Firmware Version <= 3.6

   Moxa ≫ Nport 5610 Version-
   Moxa ≫ Nport 5630 Version-
   Moxa ≫ Nport 5650 Version-

Moxa ≫ Nport 5100a Series Firmware Version <= 1.2

   Moxa ≫ Nport 5110a Version-
   Moxa ≫ Nport 5130a Version-
   Moxa ≫ Nport 5150a Version-

Moxa ≫ Nport P5150a Series Firmware Version <= 1.2

Moxa ≫ Nport P5110a Version-

Moxa ≫ Nport 5200a Series Firmware Version <= 1.2

   Moxa ≫ Nport 5210a Version-
   Moxa ≫ Nport 5230a Version-
   Moxa ≫ Nport 5250a Version-

Moxa ≫ Nport 5x50a1-m12 Series Firmware Version <= 1.1

   Moxa ≫ Nport 5150a1-m12 Version-
   Moxa ≫ Nport 5150a1-m12-ct Version-
   Moxa ≫ Nport 5150a1-m12-ct-t Version-
   Moxa ≫ Nport 5150a1-m12-t Version-
   Moxa ≫ Nport 5250a1-m12 Version-
   Moxa ≫ Nport 5250a1-m12-ct Version-
   Moxa ≫ Nport 5250a1-m12-ct-t Version-
   Moxa ≫ Nport 5250a1-m12-t Version-
   Moxa ≫ Nport 5450a1-m12 Version-
   Moxa ≫ Nport 5450a1-m12-ct Version-
   Moxa ≫ Nport 5450a1-m12-ct-t Version-
   Moxa ≫ Nport 5450a1-m12-t Version-

Moxa ≫ Nport 5600-8-dtl Series Firmware Version <= 2.3

   Moxa ≫ Nport 5610-8-dtl Version-
   Moxa ≫ Nport 5650-8-dtl Version-
   Moxa ≫ Nport 5650i-8-dtl Version-

Moxa ≫ Nport 6100 Series Firmware Version <= 1.13

Moxa ≫ Nport 6150 Version-
Moxa ≫ Nport 6150-t Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	7.4%	0.908

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://www.securityfocus.com/bid/85965

Third Party Advisory

VDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2016-9369

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-9369

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-9369

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2016-9369