CVE-2016-9366

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. An attacker can freely use brute force to determine parameters needed to bypass authentication.
References
Link Resource
http://www.securityfocus.com/bid/85965 Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:moxa:nport_5100_series_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:moxa:nport_5110:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:moxa:nport_5100_series_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:moxa:nport_5130:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:nport_5150:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:moxa:nport_5200_series_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:moxa:nport_5210:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:nport_5230:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:nport_5232:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:nport_5232i:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:moxa:nport_5400_series_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:moxa:nport_5410:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:nport_5430:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:nport_5430i:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:nport_5450:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:nport_5450-t:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:nport_5450i:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:nport_5450i-t:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:moxa:nport_5600_series_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:moxa:nport_5610:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:nport_5630:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:nport_5650:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:moxa:nport_5100a_series_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:moxa:nport_5110a:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:nport_5130a:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:nport_5150a:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:moxa:nport_p5150a_series_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:moxa:nport_p5110a:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:moxa:nport_5200a_series_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:moxa:nport_5210a:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:nport_5230a:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:nport_5250a:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:moxa:nport_5x50a1-m12_series_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:moxa:nport_5150a1-m12:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:nport_5150a1-m12-ct:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:nport_5150a1-m12-ct-t:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:nport_5150a1-m12-t:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:nport_5250a1-m12:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:nport_5250a1-m12-ct:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:nport_5250a1-m12-ct-t:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:nport_5250a1-m12-t:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:nport_5450a1-m12:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:nport_5450a1-m12-ct:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:nport_5450a1-m12-ct-t:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:nport_5450a1-m12-t:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:h:moxa:nport_5600-8-dtl_series_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:moxa:nport_5610-8-dtl:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:nport_5650-8-dtl:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:nport_5650i-8-dtl:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:moxa:nport_6100_series_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:moxa:nport_6150:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:nport_6150-t:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-02-13 21:59

Updated : 2024-02-28 15:44


NVD link : CVE-2016-9366

Mitre link : CVE-2016-9366

CVE.ORG link : CVE-2016-9366


JSON object : View

Products Affected

moxa

  • nport_5650-8-dtl
  • nport_5130
  • nport_5610-8-dtl
  • nport_5450i
  • nport_5130a
  • nport_5230
  • nport_5232i
  • nport_5610
  • nport_5150a
  • nport_p5110a
  • nport_5630
  • nport_5650i-8-dtl
  • nport_5250a1-m12
  • nport_5450i-t
  • nport_5232
  • nport_5450a1-m12
  • nport_5210
  • nport_5100a_series_firmware
  • nport_5430
  • nport_5110a
  • nport_5150a1-m12
  • nport_5x50a1-m12_series_firmware
  • nport_5600-8-dtl_series_firmware
  • nport_5450a1-m12-ct-t
  • nport_5150a1-m12-ct-t
  • nport_5650
  • nport_5250a
  • nport_5250a1-m12-ct
  • nport_5100_series_firmware
  • nport_5410
  • nport_5430i
  • nport_6100_series_firmware
  • nport_p5150a_series_firmware
  • nport_6150-t
  • nport_5600_series_firmware
  • nport_5250a1-m12-t
  • nport_5450a1-m12-t
  • nport_5210a
  • nport_5150a1-m12-t
  • nport_5150a1-m12-ct
  • nport_5250a1-m12-ct-t
  • nport_5200_series_firmware
  • nport_5230a
  • nport_5450-t
  • nport_6150
  • nport_5110
  • nport_5200a_series_firmware
  • nport_5400_series_firmware
  • nport_5450a1-m12-ct
  • nport_5150
  • nport_5450
CWE
CWE-264

Permissions, Privileges, and Access Controls