Information Exposure Vulnerability in Moxa NPort Products
CVE-2017-16715

7.5HIGH

Key Information:

Vendor: Moxa
Status: Moxa Nport 5110, 5130, And 5150
Vendor: CVE Published:; 16 November 2017

Summary

An information exposure issue has been identified in Moxa NPort devices, specifically versions 2.2 to 2.7 of NPort 5110 and versions up to 3.7 of NPort 5130 and 5150. This vulnerability arises from improper handling of Ethernet frame padding, potentially allowing unauthorized access to sensitive information. Attackers could exploit this flaw to retrieve sensitive data, leading to significant security risks for affected systems.

Affected Version(s)

Moxa NPort 5110, 5130, and 5150 Moxa NPort 5110, 5130, and 5150

References

http://www.securityfocus.com/bid/101885

vdb-entryx_refsource_BID

https://ics-cert.us-cert.gov/advisories/ICSA-17-320-01

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 16, 2017
Vulnerability Reserved
Nov 9, 2017