CVE-2016-9371

EPSS 0.32%
Veröffentlicht 13.02.2017 21:59:02
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4.  User-controlled input is not neutralized before being output to web page (CROSS-SITE SCRIPTING).

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Moxa ≫ Nport 5100 Series Firmware Version <= 2.5

Moxa ≫ Nport 5110 Version-

Moxa ≫ Nport 5100 Series Firmware Version <= 3.5

Moxa ≫ Nport 5130 Version-
Moxa ≫ Nport 5150 Version-

Moxa ≫ Nport 5200 Series Firmware Version <= 2.7

   Moxa ≫ Nport 5210 Version-
   Moxa ≫ Nport 5230 Version-
   Moxa ≫ Nport 5232 Version-
   Moxa ≫ Nport 5232i Version-

Moxa ≫ Nport 5400 Series Firmware Version <= 3.10

   Moxa ≫ Nport 5410 Version-
   Moxa ≫ Nport 5430 Version-
   Moxa ≫ Nport 5430i Version-
   Moxa ≫ Nport 5450 Version-
   Moxa ≫ Nport 5450-t Version-
   Moxa ≫ Nport 5450i Version-
   Moxa ≫ Nport 5450i-t Version-

Moxa ≫ Nport 5600 Series Firmware Version <= 3.6

   Moxa ≫ Nport 5610 Version-
   Moxa ≫ Nport 5630 Version-
   Moxa ≫ Nport 5650 Version-

Moxa ≫ Nport 5100a Series Firmware Version <= 1.2

   Moxa ≫ Nport 5110a Version-
   Moxa ≫ Nport 5130a Version-
   Moxa ≫ Nport 5150a Version-

Moxa ≫ Nport P5150a Series Firmware Version <= 1.2

Moxa ≫ Nport P5110a Version-

Moxa ≫ Nport 5200a Series Firmware Version <= 1.2

   Moxa ≫ Nport 5210a Version-
   Moxa ≫ Nport 5230a Version-
   Moxa ≫ Nport 5250a Version-

Moxa ≫ Nport 5x50a1-m12 Series Firmware Version <= 1.1

   Moxa ≫ Nport 5150a1-m12 Version-
   Moxa ≫ Nport 5150a1-m12-ct Version-
   Moxa ≫ Nport 5150a1-m12-ct-t Version-
   Moxa ≫ Nport 5150a1-m12-t Version-
   Moxa ≫ Nport 5250a1-m12 Version-
   Moxa ≫ Nport 5250a1-m12-ct Version-
   Moxa ≫ Nport 5250a1-m12-ct-t Version-
   Moxa ≫ Nport 5250a1-m12-t Version-
   Moxa ≫ Nport 5450a1-m12 Version-
   Moxa ≫ Nport 5450a1-m12-ct Version-
   Moxa ≫ Nport 5450a1-m12-ct-t Version-
   Moxa ≫ Nport 5450a1-m12-t Version-

Moxa ≫ Nport 5600-8-dtl Series Firmware Version <= 2.3

   Moxa ≫ Nport 5610-8-dtl Version-
   Moxa ≫ Nport 5650-8-dtl Version-
   Moxa ≫ Nport 5650i-8-dtl Version-

Moxa ≫ Nport 6100 Series Firmware Version <= 1.13

Moxa ≫ Nport 6150 Version-
Moxa ≫ Nport 6150-t Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.32%	0.522

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://www.securityfocus.com/bid/85965

Third Party Advisory

VDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2016-9371

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-9371

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-9371

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2016-9371