PatchSiren

PatchSiren cyber security CVE debrief

CVE-2016-9354 Moxa CVE debrief

CVE-2016-9354 is a medium-severity availability issue in Moxa DACenter 1.4 and older. According to the supplied NVD record, a specially crafted project file can trigger uncontrolled resource consumption, leading to an application crash. The record maps the issue to CWE-399 and rates it as local, user-interaction required, with no confidentiality or integrity impact identified.

Vendor: Moxa
Product: CVE-2016-9354
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-13
Original CVE updated: 2026-05-13
Advisory published: 2017-02-13
Advisory updated: 2026-05-13

Who should care

Organizations that use Moxa DACenter 1.4 or older, especially engineering, operations, and security teams that handle project files on affected workstations.

Technical summary

The supplied NVD data lists Moxa DACenter as vulnerable through version 1.4 (cpe:2.3:a:moxa:dacenter:*:*:*:*:*:*:*:*, versionEndIncluding 1.4). The CVSS 3.0 vector is AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H, which indicates a local attack that requires a user to open or process a malicious project file. NVD classifies the weakness as CWE-399 (resource management). The documented impact is denial of service via crash, not code execution or data theft.

Defensive priority

Medium priority. Treat as urgent if Moxa DACenter is still deployed on production or engineering endpoints that open untrusted project files; otherwise schedule remediation with normal patch management.

Recommended defensive actions

  • Identify all installations of Moxa DACenter and confirm whether any system is running version 1.4 or older.
  • Upgrade to a vendor-supplied fixed release if available; if no fix is available in your environment, restrict use of affected versions and isolate them.
  • Prevent users from opening untrusted or unsolicited project files on affected systems.
  • Apply least-privilege and workstation hardening controls to reduce the impact of local, user-interaction-based crashes.
  • Monitor affected endpoints for repeated application crashes or resource exhaustion when project files are opened.

Evidence notes

This debrief is based only on the supplied NVD record and linked official references. The NVD entry states that Moxa DACenter versions 1.4 and older are affected and that a specially crafted project file may cause a crash due to uncontrolled resource consumption. The record also provides the CVSS 3.0 vector AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H and CWE-399. Reference URLs supplied in the corpus include the CVE record, the NVD detail page, a SecurityFocus BID entry, and an ICS-CERT advisory.

Official resources

CVE published and recorded on 2017-02-13; the supplied NVD record was last modified on 2026-05-13. No KEV listing is indicated in the supplied data.