PatchSiren

PatchSiren cyber security CVE debrief

CVE-2016-9356 Moxa CVE debrief

CVE-2016-9356 affects Moxa DACenter version 1.4 and older and is described as an unquoted search path issue. NVD rates the issue 7.8 HIGH, with a local attack vector and high impact on confidentiality, integrity, and availability. Systems running affected DACenter releases should be reviewed promptly, especially where local user access is possible.

Vendor: Moxa
Product: CVE-2016-9356
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-13
Original CVE updated: 2026-05-13
Advisory published: 2017-02-13
Advisory updated: 2026-05-13

Who should care

Administrators and operators responsible for Moxa DACenter deployments, especially on systems where local users, support accounts, or shared administrative access exist.

Technical summary

The NVD record maps CVE-2016-9356 to Moxa DACenter versions through 1.4 and identifies a local attack vector with low complexity and low privileges required. The weakness is described as an unquoted search path issue, and NVD assigns CWE-284 in its metadata. The CVSS 3.0 vector is AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating that successful exploitation could have significant impact once an attacker has local access.

Defensive priority

High for affected installations. The combination of local access requirements and high CIA impact means this should be addressed as a priority wherever DACenter 1.4 or older is present.

Recommended defensive actions

  • Inventory all Moxa DACenter installations and identify any systems running version 1.4 or older.
  • Check the linked NVD, CVE.org, and ICS-CERT references for vendor or mitigation guidance applicable to your environment.
  • Restrict local access to affected hosts and minimize the number of users or service accounts with interactive or administrative access.
  • Remove, update, or replace affected DACenter deployments where a fixed version or vendor-supported mitigation is available.
  • Review affected systems for unusual executable launches or other signs of local tampering consistent with a search-path issue.
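
One way to support the inventory and review steps above, as an added example that is not code from PatchSiren, Moxa, or NVD: when an executable command line is unquoted and its path contains spaces, Windows may try each space-truncated prefix with ".exe" appended before it reaches the intended binary, so a file at any of those earlier locations is a sign of tampering. The sketch assumes the command lines were exported from service or autorun configuration on the host; the entry names and paths are constructed placeholders, not DACenter's real ones.

```python
import re

# End of the executable path: first launchable extension followed by a space or end of string.
_EXE_END = re.compile(r"\.(?:exe|com|bat|cmd)(?=\s|$)", re.IGNORECASE)


def earlier_candidates(command_line):
    """Paths Windows may try before the intended binary when the command line
    is unquoted and its executable path contains spaces; [] if not exposed."""
    cmd = command_line.strip()
    if cmd.startswith('"'):
        return []  # quoted path: the boundary is explicit
    match = _EXE_END.search(cmd)
    if not match:
        return []  # no recognisable executable path
    exe_path = cmd[:match.end()]
    # Each space is a point where the path can be cut short and ".exe" appended.
    return [exe_path[:i] + ".exe" for i, ch in enumerate(exe_path) if ch == " "]


def audit(entries):
    """Map entry name -> candidate paths, for exposed entries only."""
    findings = {}
    for name, cmd in entries.items():
        candidates = earlier_candidates(cmd)
        if candidates:
            findings[name] = candidates
    return findings


# Constructed sample data: hypothetical entry names and paths.
SAMPLE_ENTRIES = {
    "ExampleCollector": r"C:\Program Files\Example Vendor\Collector\collector.exe -service",
    "ExampleQuoted": r'"C:\Program Files\Example Vendor\Collector\agent.exe" -service',
    "ExampleNoSpaces": r"C:\Windows\System32\svchost.exe -k netsvcs",
}

if __name__ == "__main__":
    for name, candidates in audit(SAMPLE_ENTRIES).items():
        print(f"{name}: unquoted path with spaces; verify these do not exist:")
        for path in candidates:
            print(f"    {path}")
```

Entries it reports should have their command line quoted in configuration, and the listed locations and their parent directories checked for unexpected files and for write access by non-administrative users.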

Evidence notes

Supported by the NVD record and linked references: the vulnerable CPE is listed as cpe:2.3:a:moxa:dacenter:* with versions through 1.4, the CVSS vector is AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, and the metadata includes CWE-284. References provided in the source corpus include SecurityFocus BID 94891 and the US-CERT/ICS-CERT advisory ICSA-16-348-02.

Official resources

The CVE record was published on 2017-02-13. The supplied NVD source item shows the record as modified on 2026-05-13 and cites SecurityFocus BID 94891 plus ICS-CERT advisory ICSA-16-348-02 as references.