CVE-2016-9371
6.1
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.7
Source: NVD
Description
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. User-controlled input is not neutralized before being output to web page (CROSS-SITE SCRIPTING).
Affected (11)
Products: Moxa: Nport 5100 Series Firmware, Nport 5200 Series Firmware, Nport 5400 Series Firmware, Nport 5600 Series Firmware, Nport 5100a Series Firmware, Nport P5150a Series Firmware, Nport 5200a Series Firmware, Nport 5x50a1 M12 Series Firmware, Nport 5600 8 Dtl Series Firmware, Nport 6100 Series Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 2.5 |
| Running on/with | Platform Versions |
|---|---|
Moxa Nport 5110 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.5 |
| Running on/with | Platform Versions |
|---|---|
Moxa Nport 5130 | All versions |
Moxa Nport 5150 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 2.7 |
| Running on/with | Platform Versions |
|---|---|
Moxa Nport 5210 | All versions |
Moxa Nport 5230 | All versions |
Moxa Nport 5232 | All versions |
Moxa Nport 5232i | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.10 |
| Running on/with | Platform Versions |
|---|---|
Moxa Nport 5410 | All versions |
Moxa Nport 5430 | All versions |
Moxa Nport 5430i | All versions |
Moxa Nport 5450 | All versions |
Moxa Nport 5450 T | All versions |
Moxa Nport 5450i | All versions |
Moxa Nport 5450i T | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.6 |
| Running on/with | Platform Versions |
|---|---|
Moxa Nport 5610 | All versions |
Moxa Nport 5630 | All versions |
Moxa Nport 5650 | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.2 |
| Running on/with | Platform Versions |
|---|---|
Moxa Nport 5110a | All versions |
Moxa Nport 5130a | All versions |
Moxa Nport 5150a | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.2 |
| Running on/with | Platform Versions |
|---|---|
Moxa Nport P5110a | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.2 |
| Running on/with | Platform Versions |
|---|---|
Moxa Nport 5210a | All versions |
Moxa Nport 5230a | All versions |
Moxa Nport 5250a | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.1 |
| Running on/with | Platform Versions |
|---|---|
Moxa Nport 5150a1 M12 | All versions |
Moxa Nport 5150a1 M12 Ct | All versions |
Moxa Nport 5150a1 M12 Ct T | All versions |
Moxa Nport 5150a1 M12 T | All versions |
Moxa Nport 5250a1 M12 | All versions |
Moxa Nport 5250a1 M12 Ct | All versions |
Moxa Nport 5250a1 M12 Ct T | All versions |
Moxa Nport 5250a1 M12 T | All versions |
Moxa Nport 5450a1 M12 | All versions |
Moxa Nport 5450a1 M12 Ct | All versions |
Moxa Nport 5450a1 M12 Ct T | All versions |
Moxa Nport 5450a1 M12 T | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 2.3 |
| Running on/with | Platform Versions |
|---|---|
Moxa Nport 5610 8 Dtl | All versions |
Moxa Nport 5650 8 Dtl | All versions |
Moxa Nport 5650i 8 Dtl | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.13 |
| Running on/with | Platform Versions |
|---|---|
Moxa Nport 6150 | All versions |
Moxa Nport 6150 T | All versions |
References (4)
Source: ics-cert@hq.dhs.gov
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource
Timeline
No history available yet.