PatchSiren

PatchSiren cyber security CVE debrief

CVE-2016-9348 Moxa CVE debrief

CVE-2016-9348 is a plaintext credential exposure issue in multiple Moxa NPort serial device server firmware families. According to NVD, configuration files can contain password parameters in clear text, making local access to those files a confidentiality risk. Even with a low CVSS score, exposed configuration backups or device files should be treated as sensitive secrets and remediated promptly on affected firmware.

Vendor
Moxa
Product
CVE-2016-9348
CVSS
LOW 3.3
CISA KEV
Not listed in stored evidence
Original CVE published
2017-02-13
Original CVE updated
2026-05-13
Advisory published
2017-02-13
Advisory updated
2026-05-13

Who should care

Moxa NPort owners and operators, OT/ICS administrators, system integrators, and IT teams that manage serial device servers or their configuration backups.

Technical summary

NVD describes the issue as a configuration file containing parameters that represent passwords in plaintext. The record rates the flaw CVSS 3.0 AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N, so exploitation requires local access with low privileges and results in limited confidentiality impact rather than integrity or availability impact. Affected products listed in the CVE description include NPort 5110 prior to 2.6; NPort 5130/5150 Series prior to 3.6; NPort 5200 Series prior to 2.8; NPort 5400 Series prior to 3.11; NPort 5600 Series prior to 3.7; NPort 5100A Series and NPort P5150A prior to 1.3; NPort 5200A Series prior to 1.3; NPort 5150AI-M12 Series, NPort 5250AI-M12 Series, and NPort 5450AI-M12 Series prior to 1.2; NPort 5600-8-DT and 5600-8-DTL prior to 2.4; NPort 6x50 Series prior to 1.13.11; and NPort IA5450A prior to v1.4.

Defensive priority

Low, but faster action is warranted on devices with shared administrative access, exposed backups, or broad local access.

Recommended defensive actions

  • Upgrade affected NPort firmware to the vendor-fixed version for the exact model in use.
  • Inventory configuration exports, backups, and support bundles for stored credentials and remove or protect any plaintext copies.
  • Restrict local and administrative access to trusted personnel only, including access to any files that hold device configuration data.
  • Rotate passwords that may have been present in affected configuration files or backups.
  • Verify the exact model/firmware pairing before remediation, since the CVE covers multiple NPort series and version thresholds.
  • Use the US-CERT/ICS-CERT advisory and vendor guidance to confirm the remediation path for your specific device family.

Evidence notes

The NVD description states: "A configuration file contains parameters that represent passwords in plaintext." The NVD CVSS vector is CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N, which supports a local, low-privilege confidentiality issue. The supplied timeline shows the CVE was published on 2017-02-13 and later modified on 2026-05-13; those dates are record lifecycle context, not the original issue date.

Official resources

Publicly disclosed in the supplied record on 2017-02-13, with the NVD entry later modified on 2026-05-13. The provided enrichment does not mark this CVE as CISA KEV.