PatchSiren

PatchSiren cyber security CVE debrief

CVE-2016-9344 Moxa CVE debrief

CVE-2016-9344 is a high-severity vulnerability in Moxa MiiNePort E1, E2, and E3 firmware that can let an attacker brute-force an active session cookie and use it to download configuration files. The NVD record maps affected firmware as E1 prior to 1.8, E2 prior to 1.4, and E3 prior to 1.1. Because the issue exposes configuration data and requires no privileges or user interaction, it should be treated as a serious confidentiality risk for deployed devices.

Vendor
Moxa
Product
CVE-2016-9344
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2017-02-13
Original CVE updated
2026-05-13
Advisory published
2017-02-13
Advisory updated
2026-05-13

Who should care

Operators, integrators, and asset owners using Moxa MiiNePort E1/E2/E3 devices, especially in industrial or remote-access environments where configuration files may contain sensitive network, serial, or access details. Security teams responsible for ICS/OT inventory and patch validation should also prioritize review.

Technical summary

According to the CVE description, the weakness involves an attacker being able to brute force an active session cookie and then download configuration files. NVD lists the attack vector as network, low attack complexity, no privileges required, no user interaction, and confidentiality impact only (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). The affected firmware ranges in NVD are E1 versions through 1.7, E2 through 1.3, and E3 through 1.0. NVD also associates the record with CWE-532.

Defensive priority

High. The issue is remotely reachable, requires no authentication, and can expose configuration data that may be operationally sensitive. For exposed or internet-reachable devices, prioritization should be immediate.

Recommended defensive actions

  • Identify all Moxa MiiNePort E1, E2, and E3 devices in the environment and confirm firmware versions.
  • Upgrade to a fixed firmware release at or above the affected-model thresholds indicated in the CVE: E1 1.8+, E2 1.4+, E3 1.1+.
  • Restrict network access to device management interfaces to trusted administrative hosts only.
  • Review whether configuration files exposed by these devices contain credentials, network topology, or other sensitive settings.
  • Monitor for unusual management-session activity and unexpected configuration downloads where logging is available.
  • If upgrading is not immediately possible, place the devices behind segmentation controls and minimize exposure of the web management surface.

Evidence notes

The CVE description states that an attacker may brute-force an active session cookie to download configuration files. NVD lists the affected firmware ranges as MiiNePort E1 prior to 1.8, E2 prior to 1.4, and E3 prior to 1.1. NVD’s CVSS vector is CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, supporting remote, unauthenticated exploitation with confidentiality impact. The record was published on 2017-02-13 and later modified on 2026-05-13; the later modified date is record maintenance context, not the vulnerability’s issue date.

Official resources

Publicly disclosed in the CVE record on 2017-02-13. The NVD record was later modified on 2026-05-13; that date reflects record updates, not original disclosure.