CVE-2016-9366 — CRITICAL (9.8)

Q: How severe is CVE-2016-9366?

CVE-2016-9366 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2016-9366?

Check the references section above for vendor advisories and patch information. Affected products include: Moxa Nport 5100 Series Firmware, Moxa Nport 5110, Moxa Nport 5130, Moxa Nport 5150, Moxa Nport 5200 Series Firmware.

Vulnerability Description

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. An attacker can freely use brute force to determine parameters needed to bypass authentication.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Moxa	Nport 5100 Series Firmware	<= 2.5
Moxa	Nport 5110	-
Moxa	Nport 5130	-
Moxa	Nport 5150	-
Moxa	Nport 5200 Series Firmware	<= 2.7
Moxa	Nport 5210	-
Moxa	Nport 5230	-
Moxa	Nport 5232	-
Moxa	Nport 5232I	-
Moxa	Nport 5400 Series Firmware	<= 3.10
Moxa	Nport 5410	-
Moxa	Nport 5430	-
Moxa	Nport 5430I	-
Moxa	Nport 5450	-
Moxa	Nport 5450-T	-
Moxa	Nport 5450I	-
Moxa	Nport 5450I-T	-
Moxa	Nport 5600 Series Firmware	<= 3.6
Moxa	Nport 5610	-
Moxa	Nport 5630	-

Related Weaknesses (CWE)

CWE-264

References

http://www.securityfocus.com/bid/85965Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02Third Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/85965Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2016-9366?

CVE-2016-9366 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort...

How severe is CVE-2016-9366?

CVE-2016-9366 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2016-9366?

Check the references section above for vendor advisories and patch information. Affected products include: Moxa Nport 5100 Series Firmware, Moxa Nport 5110, Moxa Nport 5130, Moxa Nport 5150, Moxa Nport 5200 Series Firmware.