CVE-2016-9369

Summary

CVE	CVE-2016-9369
State	PUBLISHED
Assigner	icscert
Source Priority	CVE Program / NVD first with legacy fallback
Published	2017-02-13 21:59:02 UTC
Updated	2026-06-02 20:16:20 UTC
Description	An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Firmware can be updated over the network without authentication, which may allow remote code execution.

Risk And Classification

Primary CVSS: v3.1 9.8 CRITICAL from ADP

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.074030000 probability, percentile 0.918670000 (date 2026-06-02)

Problem Types: CWE-287 | CWE-306 | Moxa NPort Device firmware spoof | CWE-306 CWE-306 Missing Authentication for Critical Function

Version	Source	Type	Score	Severity	Vector
3.1	ADP	DECLARED	9.8	CRITICAL	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`
3.1	134c704f-9b21-4f2e-91b3-4a467353bcc0	Secondary	9.8	CRITICAL	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`
3.0	[email protected]	Primary	9.8	CRITICAL	`CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`
2.0	[email protected]	Primary	10		`AV:N/AC:L/Au:N/C:C/I:C/A:C`

CVSS v3.1 Breakdown

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v3.0 Breakdown

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0 Breakdown

Access Vector

Network

Access Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Moxa	Nport 5100a Series Firmware	All	All	All	All
Operating System	Moxa	Nport 5100 Series Firmware	All	All	All	All
Operating System	Moxa	Nport 5100 Series Firmware	All	All	All	All
Hardware	Moxa	Nport 5110	-	All	All	All
Hardware	Moxa	Nport 5110a	-	All	All	All
Hardware	Moxa	Nport 5130	-	All	All	All
Hardware	Moxa	Nport 5130a	-	All	All	All
Hardware	Moxa	Nport 5150	-	All	All	All
Hardware	Moxa	Nport 5150a	-	All	All	All
Hardware	Moxa	Nport 5150a1-m12	-	All	All	All
Hardware	Moxa	Nport 5150a1-m12-ct	-	All	All	All
Hardware	Moxa	Nport 5150a1-m12-ct-t	-	All	All	All
Hardware	Moxa	Nport 5150a1-m12-t	-	All	All	All
Operating System	Moxa	Nport 5200a Series Firmware	All	All	All	All
Operating System	Moxa	Nport 5200 Series Firmware	All	All	All	All
Hardware	Moxa	Nport 5210	-	All	All	All
Hardware	Moxa	Nport 5210a	-	All	All	All
Hardware	Moxa	Nport 5230	-	All	All	All
Hardware	Moxa	Nport 5230a	-	All	All	All
Hardware	Moxa	Nport 5232	-	All	All	All
Hardware	Moxa	Nport 5232i	-	All	All	All
Hardware	Moxa	Nport 5250a	-	All	All	All
Hardware	Moxa	Nport 5250a1-m12	-	All	All	All
Hardware	Moxa	Nport 5250a1-m12-ct	-	All	All	All
Hardware	Moxa	Nport 5250a1-m12-ct-t	-	All	All	All
Hardware	Moxa	Nport 5250a1-m12-t	-	All	All	All
Operating System	Moxa	Nport 5400 Series Firmware	All	All	All	All
Hardware	Moxa	Nport 5410	-	All	All	All
Hardware	Moxa	Nport 5430	-	All	All	All
Hardware	Moxa	Nport 5430i	-	All	All	All
Hardware	Moxa	Nport 5450	-	All	All	All
Hardware	Moxa	Nport 5450-t	-	All	All	All
Hardware	Moxa	Nport 5450a1-m12	-	All	All	All
Hardware	Moxa	Nport 5450a1-m12-ct	-	All	All	All
Hardware	Moxa	Nport 5450a1-m12-ct-t	-	All	All	All
Hardware	Moxa	Nport 5450a1-m12-t	-	All	All	All
Hardware	Moxa	Nport 5450i	-	All	All	All
Hardware	Moxa	Nport 5450i-t	-	All	All	All
Hardware	Moxa	Nport 5600-8-dtl Series Firmware	All	All	All	All
Operating System	Moxa	Nport 5600 Series Firmware	All	All	All	All
Hardware	Moxa	Nport 5610	-	All	All	All
Hardware	Moxa	Nport 5610-8-dtl	-	All	All	All
Hardware	Moxa	Nport 5630	-	All	All	All
Hardware	Moxa	Nport 5650	-	All	All	All
Hardware	Moxa	Nport 5650-8-dtl	-	All	All	All
Hardware	Moxa	Nport 5650i-8-dtl	-	All	All	All
Operating System	Moxa	Nport 5x50a1-m12 Series Firmware	All	All	All	All
Operating System	Moxa	Nport 6100 Series Firmware	All	All	All	All
Hardware	Moxa	Nport 6150	-	All	All	All
Hardware	Moxa	Nport 6150-t	-	All	All	All
Hardware	Moxa	Nport P5110a	-	All	All	All
Operating System	Moxa	Nport P5150a Series Firmware	All	All	All	All

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Na	Moxa NPort	affected Moxa NPort	Not specified

References

Reference	Source	Link	Tags
Moxa NPort Device Vulnerabilities \| ICS-CERT	af854a3a-2127-422b-91ae-364da2661108	ics-cert.us-cert.gov	Third Party Advisory, US Government Resource
Multiple Moxa NPort Products ICSA-16-336-02 Multiple Security Vulnerabilities	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com	Third Party Advisory, VDB Entry
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.