CVE-2016-9348 — LOW (3.3) — White Hats Nepal

Q: How severe is CVE-2016-9348?

CVE-2016-9348 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-9348?

Check the references section above for vendor advisories and patch information. Affected products include: Moxa Nport 5100 Series Firmware, Moxa Nport 5110, Moxa Nport 5130, Moxa Nport 5150, Moxa Nport 5200 Series Firmware.

Vulnerability Description

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. A configuration file contains parameters that represent passwords in plaintext.

CVSS Score

3.3

LOW

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Moxa	Nport 5100 Series Firmware	<= 2.5
Moxa	Nport 5110	-
Moxa	Nport 5130	-
Moxa	Nport 5150	-
Moxa	Nport 5200 Series Firmware	<= 2.7
Moxa	Nport 5210	-
Moxa	Nport 5230	-
Moxa	Nport 5232	-
Moxa	Nport 5232I	-
Moxa	Nport 5400 Series Firmware	<= 3.10
Moxa	Nport 5410	-
Moxa	Nport 5430	-
Moxa	Nport 5430I	-
Moxa	Nport 5450	-
Moxa	Nport 5450-T	-
Moxa	Nport 5450I	-
Moxa	Nport 5450I-T	-
Moxa	Nport 5600 Series Firmware	<= 3.6
Moxa	Nport 5610	-
Moxa	Nport 5630	-

Related Weaknesses (CWE)

CWE-255

References

http://www.securityfocus.com/bid/85965Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02Third Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/85965Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2016-9348?

CVE-2016-9348 is a vulnerability with a CVSS score of 3.3 (LOW). An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort...

How severe is CVE-2016-9348?

CVE-2016-9348 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-9348?

Check the references section above for vendor advisories and patch information. Affected products include: Moxa Nport 5100 Series Firmware, Moxa Nport 5110, Moxa Nport 5130, Moxa Nport 5150, Moxa Nport 5200 Series Firmware.