PatchSiren cyber security CVE debrief

CVE-2016-8372 Moxa CVE debrief

CVE-2016-8372 affects multiple Moxa ioLogik E1200- and E2200-series devices running listed firmware versions. NVD describes the issue as a password being transmitted in a format that is not sufficiently secure. Because the affected components are industrial I/O devices and the CVSS vector is network-based with no privileges or user interaction required, defenders should treat this as a high-priority credential exposure risk.

Vendor: Moxa
Product: CVE-2016-8372
CVSS: HIGH 8.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-13
Original CVE updated: 2026-05-13
Advisory published: 2017-02-13
Advisory updated: 2026-05-13

Who should care

OT/ICS operators using Moxa ioLogik E1210/E1211/E1212/E1213/E1214/E1240/E1241/E1242/E1260/E1262 and E2210/E2212/E2214/E2240/E2242/E2260/E2262 devices, as well as asset owners and administrators responsible for firmware and network segmentation.

Technical summary

NVD lists this issue under CWE-255 and rates it CVSS 3.1 8.1/High (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). The vulnerability description states that a password is transmitted in a format that is not sufficiently secure. Affected firmware versions include Moxa ioLogik E1210 V2.4 and prior, E1211 V2.3 and prior, E1212 V2.4 and prior, E1213 V2.5 and prior, E1214 V2.4 and prior, E1240 V2.3 and prior, E1241 V2.4 and prior, E1242 V2.4 and prior, E1260 V2.4 and prior, E1262 V2.4 and prior, and E2210 V3.13 and prior, E2212 V3.14 and prior, E2214 V3.12 and prior, E2240 V3.12 and prior, E2242 V3.12 and prior, E2260 V3.13 and prior, and E2262 V3.12 and prior. NVD references the ICS-CERT advisory ICSA-16-287-05 and SecurityFocus BID 93550.

Defensive priority

High. This is a remotely reachable credential-handling weakness in industrial equipment, with potential confidentiality, integrity, and availability impact. Prioritize remediation for exposed or production OT environments.

Recommended defensive actions

Inventory all Moxa ioLogik E1200 and E2200 series devices and confirm exact firmware versions.
Upgrade to vendor-recommended fixed firmware versions for each affected model, or the latest supported release.
Restrict access to device management and control interfaces to trusted engineering networks only.
Segment OT networks to reduce exposure of these devices from broader enterprise or internet-facing paths.
Review whether credentials could have been exposed in transit and rotate affected credentials if exposure is suspected.
Monitor vendor and ICS-CERT guidance for any model-specific remediation notes or additional mitigations.

Evidence notes

This debrief is based on the supplied NVD record and its referenced ICS-CERT/SecurityFocus links. The CVE was published on 2017-02-13 and later modified on 2026-05-13; the modified date should not be treated as the issue date. NVD records the weakness as CWE-255 and assigns CVSS 3.1 8.1/High.

Official resources

CVE-2016-8372 CVE record
CVE.org
CVE-2016-8372 NVD detail
NVD
Source item URL
nvd_modified
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry
Mitigation or vendor reference
[email protected] - Third Party Advisory, US Government Resource

Publicly disclosed in the CVE record published on 2017-02-13. NVD indicates later metadata modification on 2026-05-13.