CVE-2016-9365

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Requests are not verified to be intentionally submitted by the proper user (CROSS-SITE REQUEST FORGERY).

CVSS v3 8.8 HIGH
CVSS v2.0 6.8 MEDIUM

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/85965	Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02	Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/85965	Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:moxa:nport_5100_series_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:nport_5110:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:moxa:nport_5100_series_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:moxa:nport_5130:-:::::::*
	cpe:2.3:h:moxa:nport_5150:-:::::::*

Configuration 3 (hide)

AND

cpe:2.3:o:moxa:nport_5200_series_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:moxa:nport_5210:-:::::::*
	cpe:2.3:h:moxa:nport_5230:-:::::::*
	cpe:2.3:h:moxa:nport_5232:-:::::::*
	cpe:2.3:h:moxa:nport_5232i:-:::::::*

Configuration 4 (hide)

AND

cpe:2.3:o:moxa:nport_5400_series_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:moxa:nport_5410:-:::::::*
	cpe:2.3:h:moxa:nport_5430:-:::::::*
	cpe:2.3:h:moxa:nport_5430i:-:::::::*
	cpe:2.3:h:moxa:nport_5450:-:::::::*
	cpe:2.3:h:moxa:nport_5450-t:-:::::::*
	cpe:2.3:h:moxa:nport_5450i:-:::::::*
	cpe:2.3:h:moxa:nport_5450i-t:-:::::::*

Configuration 5 (hide)

AND

cpe:2.3:o:moxa:nport_5600_series_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:moxa:nport_5610:-:::::::*
	cpe:2.3:h:moxa:nport_5630:-:::::::*
	cpe:2.3:h:moxa:nport_5650:-:::::::*

Configuration 6 (hide)

AND

cpe:2.3:o:moxa:nport_5100a_series_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:moxa:nport_5110a:-:::::::*
	cpe:2.3:h:moxa:nport_5130a:-:::::::*
	cpe:2.3:h:moxa:nport_5150a:-:::::::*

Configuration 7 (hide)

AND

cpe:2.3:o:moxa:nport_p5150a_series_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:nport_p5110a:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:moxa:nport_5200a_series_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:moxa:nport_5210a:-:::::::*
	cpe:2.3:h:moxa:nport_5230a:-:::::::*
	cpe:2.3:h:moxa:nport_5250a:-:::::::*

Configuration 9 (hide)

AND

cpe:2.3:o:moxa:nport_5x50a1-m12_series_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:moxa:nport_5150a1-m12:-:::::::*
	cpe:2.3:h:moxa:nport_5150a1-m12-ct:-:::::::*
	cpe:2.3:h:moxa:nport_5150a1-m12-ct-t:-:::::::*
	cpe:2.3:h:moxa:nport_5150a1-m12-t:-:::::::*
	cpe:2.3:h:moxa:nport_5250a1-m12:-:::::::*
	cpe:2.3:h:moxa:nport_5250a1-m12-ct:-:::::::*
	cpe:2.3:h:moxa:nport_5250a1-m12-ct-t:-:::::::*
	cpe:2.3:h:moxa:nport_5250a1-m12-t:-:::::::*
	cpe:2.3:h:moxa:nport_5450a1-m12:-:::::::*
	cpe:2.3:h:moxa:nport_5450a1-m12-ct:-:::::::*
	cpe:2.3:h:moxa:nport_5450a1-m12-ct-t:-:::::::*
	cpe:2.3:h:moxa:nport_5450a1-m12-t:-:::::::*

Configuration 10 (hide)

AND

cpe:2.3:h:moxa:nport_5600-8-dtl_series_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:moxa:nport_5610-8-dtl:-:::::::*
	cpe:2.3:h:moxa:nport_5650-8-dtl:-:::::::*
	cpe:2.3:h:moxa:nport_5650i-8-dtl:-:::::::*

Configuration 11 (hide)

AND

cpe:2.3:o:moxa:nport_6100_series_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:moxa:nport_6150:-:::::::*
	cpe:2.3:h:moxa:nport_6150-t:-:::::::*

History

21 Nov 2024, 03:01

Type	Values Removed	Values Added
References	~~() http://www.securityfocus.com/bid/85965 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/85965 - Third Party Advisory, VDB Entry
References	~~() https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02 - Third Party Advisory, US Government Resource~~	() https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02 - Third Party Advisory, US Government Resource

Information

Published : 2017-02-13 21:59

Updated : 2024-11-21 03:01

NVD link : CVE-2016-9365

Mitre link : CVE-2016-9365

CVE.ORG link : CVE-2016-9365

JSON object : View

Products Affected

moxa

nport_5150a1-m12-ct
nport_5130a
nport_p5150a_series_firmware
nport_5100_series_firmware
nport_5200a_series_firmware
nport_5450a1-m12-ct-t
nport_5610
nport_p5110a
nport_5450a1-m12-t
nport_6100_series_firmware
nport_6150-t
nport_5110
nport_5230
nport_5450a1-m12-ct
nport_5250a1-m12-ct-t
nport_5150a
nport_6150
nport_5400_series_firmware
nport_5410
nport_5450i-t
nport_5250a1-m12-t
nport_5130
nport_5430
nport_5650-8-dtl
nport_5232
nport_5450i
nport_5150a1-m12-t
nport_5650i-8-dtl
nport_5200_series_firmware
nport_5600_series_firmware
nport_5150
nport_5430i
nport_5630
nport_5250a
nport_5232i
nport_5450
nport_5250a1-m12-ct
nport_5150a1-m12
nport_5650
nport_5230a
nport_5600-8-dtl_series_firmware
nport_5610-8-dtl
nport_5210
nport_5100a_series_firmware
nport_5450-t
nport_5x50a1-m12_series_firmware
nport_5150a1-m12-ct-t
nport_5450a1-m12
nport_5210a
nport_5250a1-m12
nport_5110a

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

8.8 /10