CVE-2016-9363
7.3
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Exploitability: 3.9 / Impact: 3.4
Source: NVD
Description
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Buffer overflow vulnerability may allow an unauthenticated attacker to remotely execute arbitrary code.
Affected (11)
Products: Moxa: Nport 5100 Series Firmware, Nport 5200 Series Firmware, Nport 5400 Series Firmware, Nport 5600 Series Firmware, Nport 5100a Series Firmware, Nport P5150a Series Firmware, Nport 5200a Series Firmware, Nport 5x50a1 M12 Series Firmware, Nport 5600 8 Dtl Series Firmware, Nport 6100 Series Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 2.5 |
| Running on/with | Platform Versions |
|---|---|
Moxa Nport 5110 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.5 |
| Running on/with | Platform Versions |
|---|---|
Moxa Nport 5130 | All versions |
Moxa Nport 5150 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 2.7 |
| Running on/with | Platform Versions |
|---|---|
Moxa Nport 5210 | All versions |
Moxa Nport 5230 | All versions |
Moxa Nport 5232 | All versions |
Moxa Nport 5232i | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.10 |
| Running on/with | Platform Versions |
|---|---|
Moxa Nport 5410 | All versions |
Moxa Nport 5430 | All versions |
Moxa Nport 5430i | All versions |
Moxa Nport 5450 | All versions |
Moxa Nport 5450 T | All versions |
Moxa Nport 5450i | All versions |
Moxa Nport 5450i T | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.6 |
| Running on/with | Platform Versions |
|---|---|
Moxa Nport 5610 | All versions |
Moxa Nport 5630 | All versions |
Moxa Nport 5650 | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.2 |
| Running on/with | Platform Versions |
|---|---|
Moxa Nport 5110a | All versions |
Moxa Nport 5130a | All versions |
Moxa Nport 5150a | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.2 |
| Running on/with | Platform Versions |
|---|---|
Moxa Nport P5110a | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.2 |
| Running on/with | Platform Versions |
|---|---|
Moxa Nport 5210a | All versions |
Moxa Nport 5230a | All versions |
Moxa Nport 5250a | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.1 |
| Running on/with | Platform Versions |
|---|---|
Moxa Nport 5150a1 M12 | All versions |
Moxa Nport 5150a1 M12 Ct | All versions |
Moxa Nport 5150a1 M12 Ct T | All versions |
Moxa Nport 5150a1 M12 T | All versions |
Moxa Nport 5250a1 M12 | All versions |
Moxa Nport 5250a1 M12 Ct | All versions |
Moxa Nport 5250a1 M12 Ct T | All versions |
Moxa Nport 5250a1 M12 T | All versions |
Moxa Nport 5450a1 M12 | All versions |
Moxa Nport 5450a1 M12 Ct | All versions |
Moxa Nport 5450a1 M12 Ct T | All versions |
Moxa Nport 5450a1 M12 T | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 2.3 |
| Running on/with | Platform Versions |
|---|---|
Moxa Nport 5610 8 Dtl | All versions |
Moxa Nport 5650 8 Dtl | All versions |
Moxa Nport 5650i 8 Dtl | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.13 |
| Running on/with | Platform Versions |
|---|---|
Moxa Nport 6150 | All versions |
Moxa Nport 6150 T | All versions |
Related CWEs
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
References (4)
Source: ics-cert@hq.dhs.gov
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource
Timeline
No history available yet.