Cross-Site Request Forgery Vulnerability in Moxa NPort Products
CVE-2016-9365

8.8HIGH

Key Information:

Vendor: Moxa
Status: Moxa Nport
Vendor: CVE Published:; 13 February 2017

Summary

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in multiple Moxa NPort products. This vulnerability allows an attacker to send unauthorized requests from users who have authenticated to these devices, potentially compromising their security and integrity. Affected versions include various models of the NPort series prior to their respective updates, making it crucial for users to upgrade to the latest versions to mitigate this risk.

Affected Version(s)

Moxa NPort Moxa NPort

References

https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02

x_refsource_MISC

http://www.securityfocus.com/bid/85965

vdb-entryx_refsource_BID

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 13, 2017
Vulnerability Reserved
Nov 16, 2016