NPort 5000 Series Firmware Improper Validation of Integrity Check Vulnerability
CVE-2023-4929

6.5MEDIUM

Key Information:

Vendor: Moxa
Status: Nport 5000ai-m12 Series; Nport 5100 Series; Nport 5100a Series; Nport 5200 Series
Vendor: CVE Published:; 3 October 2023

Summary

All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. This vulnerability results from insufficient checks on firmware updates or upgrades, potentially allowing malicious users to manipulate the firmware and gain control of devices.

Affected Version(s)

NPort 5000AI-M12 Series 1.0 <= 1.5

NPort 5100 Series 1.0 <= 3.10

NPort 5100A Series 1.0 <= 1.6

References

https://www.moxa.com/en/support/product-support/security-...

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 3, 2023
Vulnerability Reserved
Sep 13, 2023