Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2016-9361

Published: 13/02/2017 Updated: 17/02/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 830
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Moxa

Vulnerability Summary

An issue exists in Moxa NPort 5110 versions before 2.6, NPort 5130/5150 Series versions before 3.6, NPort 5200 Series versions before 2.8, NPort 5400 Series versions before 3.11, NPort 5600 Series versions before 3.7, NPort 5100A Series & NPort P5150A versions before 1.3, NPort 5200A Series versions before 1.3, NPort 5150AI-M12 Series versions before 1.2, NPort 5250AI-M12 Series versions before 1.2, NPort 5450AI-M12 Series versions before 1.2, NPort 5600-8-DT Series versions before 2.4, NPort 5600-8-DTL Series versions before 2.4, NPort 6x50 Series versions before 1.13.11, NPort IA5450A versions prior to v1.4. Administration passwords can be retried without authenticating.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

moxa nport_5100_series_firmware

moxa nport_5200_series_firmware

moxa nport_5400_series_firmware

moxa nport_5600_series_firmware

moxa nport_5100a_series_firmware

moxa nport_p5150a_series_firmware

moxa nport_5200a_series_firmware

moxa nport_5x50a1-m12_series_firmware

moxa nport_5600-8-dtl_series_firmware

moxa nport_6100_series_firmware

Exploits

Exploit DB: Moxa UDP Device Discovery
The Moxa protocol listens on 4800/UDP and will respond to broadcast or direct traffic The service is known to be used on Moxa devices in the NPort, OnCell, and MGate product lines A discovery packet compels a Moxa device to respond to the sender with some basic device information that is needed for more a ...
Exploit DB: Moxa UDP Device Discovery
The Moxa protocol listens on 4800/UDP and will respond to broadcast or direct traffic The service is known to be used on Moxa devices in the NPort, OnCell, and MGate product lines A discovery packet compels a Moxa device to respond to the sender with some basic device information that is needed for more a ...

Metasploit Modules

Moxa UDP Device Discovery

The Moxa protocol listens on 4800/UDP and will respond to broadcast or direct traffic. The service is known to be used on Moxa devices in the NPort, OnCell, and MGate product lines. A discovery packet compels a Moxa device to respond to the sender with some basic device information that is needed for more advanced functions. The discovery data is 8 bytes in length and is the most basic example of the Moxa protocol. It may be sent out as a broadcast (destination 255.255.255.255) or to an individual device. Devices that respond to this query may be vulnerable to serious information disclosure vulnerabilities, such as CVE-2016-9361. The module is the work of Patrick DeSantis of Cisco Talos and is derived from original work by K. Reid Wightman. Tested and validated on a Moxa NPort 6250 with firmware versions 1.13 and 1.15.

msf > use auxiliary/scanner/scada/moxa_discover
msf auxiliary(moxa_discover) > show actions
    ...actions...
msf auxiliary(moxa_discover) > set ACTION < action-name >
msf auxiliary(moxa_discover) > show options
    ...show and set options...
msf auxiliary(moxa_discover) > run
Moxa UDP Device Discovery

The Moxa protocol listens on 4800/UDP and will respond to broadcast or direct traffic. The service is known to be used on Moxa devices in the NPort, OnCell, and MGate product lines. A discovery packet compels a Moxa device to respond to the sender with some basic device information that is needed for more advanced functions. The discovery data is 8 bytes in length and is the most basic example of the Moxa protocol. It may be sent out as a broadcast (destination 255.255.255.255) or to an individual device. Devices that respond to this query may be vulnerable to serious information disclosure vulnerabilities, such as CVE-2016-9361. The module is the work of Patrick DeSantis of Cisco Talos and is derived from original work by K. Reid Wightman. Tested and validated on a Moxa NPort 6250 with firmware versions 1.13 and 1.15.

msf > use auxiliary/scanner/scada/moxa_discover
msf auxiliary(moxa_discover) > show actions
    ...actions...
msf auxiliary(moxa_discover) > set ACTION < action-name >
msf auxiliary(moxa_discover) > show options
    ...show and set options...
msf auxiliary(moxa_discover) > run

References

CWE-287https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02http://www.securityfocus.com/bid/85965https://nvd.nist.govhttps://www.rapid7.com/db/modules/auxiliary/scanner/scada/moxa_discover/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook