CVEdetails.com the ultimate security vulnerability data source

Vulnerability Details : CVE-2016-9361

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Administration passwords can be retried without authenticating.
Publish Date: 2017-02-13
Last Update Date: 2017-02-17

- CVSS Scores & Vulnerability Types

CVSS Score: 7.5
Confidentiality Impact: Partial (There is considerable informational disclosure.)
Integrity Impact: Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact: Partial (There is reduced performance or interruptions in resource availability.)
Access Complexity: Low (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit.)
Authentication: Not required (Authentication is not required to exploit the vulnerability.)
Gained Access: None
Vulnerability Type(s):
CWE ID: 287

- Products Affected By CVE-2016-9361

| # | Product Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|---|
| 1 | OS | Moxa | Nport 5100 Series Firmware | 2.5 | | | |
| 2 | OS | Moxa | Nport 5100 Series Firmware | 3.5 | | | |
| 3 | OS | Moxa | Nport 5100a Series Firmware | 1.2 | | | |
| 4 | OS | Moxa | Nport 5200 Series Firmware | 2.7 | | | |
| 5 | OS | Moxa | Nport 5200a Series Firmware | 1.2 | | | |
| 6 | OS | Moxa | Nport 5400 Series Firmware | 3.10 | | | |
| 7 | OS | Moxa | Nport 5600 Series Firmware | 3.6 | | | |
| 8 | Hardware | Moxa | Nport 5600-8-dtl Series Firmware | 2.3 | | | |
| 9 | OS | Moxa | Nport 5x50a1-m12 Series Firmware | 1.1 | | | |
| 10 | OS | Moxa | Nport 6100 Series Firmware | 1.13 | | | |
| 11 | OS | Moxa | Nport P5150a Series Firmware | 1.2 | | | |

- Number Of Affected Versions By Product

| Vendor | Product | Vulnerable Versions |
|---|---|---|
| Moxa | Nport 5100 Series Firmware | 2 |
| Moxa | Nport 5100a Series Firmware | 1 |
| Moxa | Nport 5200 Series Firmware | 1 |
| Moxa | Nport 5200a Series Firmware | 1 |
| Moxa | Nport 5400 Series Firmware | 1 |
| Moxa | Nport 5600 Series Firmware | 1 |
| Moxa | Nport 5600-8-dtl Series Firmware | 1 |
| Moxa | Nport 5x50a1-m12 Series Firmware | 1 |
| Moxa | Nport 6100 Series Firmware | 1 |
| Moxa | Nport P5150a Series Firmware | 1 |

- References For CVE-2016-9361

http://www.securityfocus.com/bid/85965
BID 85965: Multiple Moxa NPort Products ICSA-16-336-02 Multiple Security Vulnerabilities (Release Date: 2016-12-06)
https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02

- Vulnerability Conditions

Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)

- Metasploit Modules Related To CVE-2016-9361

Moxa Device Credential Retrieval
The Moxa protocol listens on 4800/UDP and will respond to broadcast or direct traffic. The service is known to be used on Moxa devices in the NPort, OnCell, and MGate product lines. Many devices with firmware versions older than 2017 or late 2016 allow admin credentials and SNMP read and read/write community strings to be retrieved without authentication. This module is the work of Patrick DeSantis of Cisco Talos and K. Reid Wightman. Tested on: Moxa NPort 6250 firmware v1.13, MGate MB3170 firmware 2.5, and NPort 5110 firmware 2.6.
Module type : auxiliary Rank : normal
Moxa UDP Device Discovery
The Moxa protocol listens on 4800/UDP and will respond to broadcast or direct traffic. The service is known to be used on Moxa devices in the NPort, OnCell, and MGate product lines. A discovery packet compels a Moxa device to respond to the sender with some basic device information that is needed for more advanced functions. The discovery data is 8 bytes in length and is the most basic example of the Moxa protocol. It may be sent out as a broadcast (destination 255.255.255.255) or to an individual device. Devices that respond to this query may be vulnerable to serious information disclosure vulnerabilities, such as CVE-2016-9361. The module is the work of Patrick DeSantis of Cisco Talos and is derived from original work by K. Reid Wightman. Tested and validated on a Moxa NPort 6250 with firmware versions 1.13 and 1.15.
Module type : auxiliary Rank : normal

