CVE-2016-9363

13.02.2017, 21:59

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4.  Buffer overflow vulnerability may allow an unauthenticated attacker to remotely execute arbitrary code.

Classic Buffer Overflow

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.3 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: 81%

Affected Products (NVD)

Vendor	Product	Version
moxa	nport_5100_series_firmware	𝑥 ≤ 2.5
moxa	nport_5100_series_firmware	𝑥 ≤ 3.5
moxa	nport_5200_series_firmware	𝑥 ≤ 2.7
moxa	nport_5400_series_firmware	𝑥 ≤ 3.10
moxa	nport_5600_series_firmware	𝑥 ≤ 3.6
moxa	nport_5100a_series_firmware	𝑥 ≤ 1.2
moxa	nport_p5150a_series_firmware	𝑥 ≤ 1.2
moxa	nport_5200a_series_firmware	𝑥 ≤ 1.2
moxa	nport_5x50a1-m12_series_firmware	𝑥 ≤ 1.1
moxa	nport_5600-8-dtl_series_firmware	𝑥 ≤ 2.3
moxa	nport_6100_series_firmware	𝑥 ≤ 1.13

𝑥

= Vulnerable software versions

Common Weakness Enumeration

References

http://www.securityfocus.com/bid/85965

https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02

http://www.securityfocus.com/bid/85965

https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02