CRITICAL: CVE-2016-9361 (CVSS 9.8) — moxa nport 5100 series firmware
CVE: CVE-2016-9361
CVSS: 9.8 (3.0) — CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL
Status: Critical advisory
Affected
- moxa nport 5100 series firmware
- moxa nport 5110
- moxa nport 5130
- moxa nport 5150
- moxa nport 5200 series firmware
Summary
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Administration passwords can be retried without authenticating.
Verified Sources
References
- http://www.securityfocus.com/bid/85965
- https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02
- http://www.securityfocus.com/bid/85965
- https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02
_Validated by the Lyrie Threat Intelligence Pipeline — 3 independent sources confirmed before publication. No speculation._
Lyrie Verdict
A vulnerability of this severity is exactly what Lyrie's anti-rogue-AI defense is built for: continuous, autonomous monitoring that doesn't wait for human reaction time.
Validated sources
- [1]NVD
- [2]GitHub Advisory
- [3]MITRE