PatchSiren cyber security CVE debrief
CVE-2016-9361 Moxa CVE debrief
CVE-2016-9361 is a critical Moxa NPort firmware authentication flaw that allows remote attackers to retry administration passwords without first authenticating. Because these devices are commonly used as network-facing serial device servers in industrial environments, the issue can lead to unauthorized administrative access across multiple product families and firmware releases.
- Vendor: Moxa
- Product: CVE-2016-9361
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-02-13
- Original CVE updated: 2026-05-13
- Advisory published: 2017-02-13
- Advisory updated: 2026-05-13
Who should care
OT/ICS operators, network administrators, and security teams responsible for Moxa NPort serial device servers and their management interfaces.
Technical summary
NVD classifies this issue as CWE-287 (Improper Authentication) with CVSS 3.0: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The supplied record states that administration passwords can be retried without authenticating. Affected Moxa product families and firmware thresholds include NPort 5110 prior to 2.6; NPort 5130/5150 Series prior to 3.6; NPort 5200 Series prior to 2.8; NPort 5400 Series prior to 3.11; NPort 5600 Series prior to 3.7; NPort 5100A Series and NPort P5150A prior to 1.3; NPort 5200A Series prior to 1.3; NPort 5150AI-M12, 5250AI-M12, and 5450AI-M12 prior to 1.2; NPort 5600-8-DT and 5600-8-DTL prior to 2.4; NPort 6x50 Series prior to 1.13.11; and NPort IA5450A prior to v1.4.
Defensive priority
High priority. Unauthenticated remote access to administrative authentication paths on industrial network devices can enable device compromise and operational disruption.
Recommended defensive actions
- Identify all Moxa NPort devices in the environment and verify installed firmware against the affected version thresholds in the advisory.
- Apply the vendor-fixed firmware for each affected model family as soon as maintenance windows allow.
- Restrict management interfaces to trusted administration networks only and avoid exposing device management services to the internet.
- Segment serial device servers behind network controls such as ACLs, jump hosts, and VPN-only administration paths.
- Monitor for unusual authentication activity and unexpected configuration changes on affected devices.
- If patching is delayed, minimize exposure with least-privilege access, strong account controls, and tighter management-plane filtering.
- If compromise is suspected, reset administrative credentials and review device configuration after remediation.
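The first action above, checking installed firmware against the affected thresholds, is easy to get wrong with string or float comparison (3.11 is newer than 3.7, and 1.13.9 is older than 1.13.11). The following is an added example, not code from the advisory or from Moxa; it assumes a hypothetical inventory CSV with columns host, family and firmware, where family uses the labels from the technical summary.

```python
import csv, io, re

# First fixed firmware per family, copied from the technical summary above.
# Keying on these family labels is an assumption about the inventory format.
FIXED = {
    "NPort 5110": "2.6", "NPort 5130/5150 Series": "3.6",
    "NPort 5200 Series": "2.8", "NPort 5400 Series": "3.11",
    "NPort 5600 Series": "3.7", "NPort 5100A Series": "1.3",
    "NPort P5150A": "1.3", "NPort 5200A Series": "1.3",
    "NPort 5150AI-M12": "1.2", "NPort 5250AI-M12": "1.2",
    "NPort 5450AI-M12": "1.2", "NPort 5600-8-DT": "2.4",
    "NPort 5600-8-DTL": "2.4", "NPort 6x50 Series": "1.13.11",
    "NPort IA5450A": "1.4",
}

def parse_version(text):
    """Turn 'v3.11' or '1.13.11 Build 1' into a tuple of ints, else None."""
    m = re.match(r"\s*[vV]?(\d+(?:\.\d+)*)", text or "")
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def classify(family, firmware):
    """Return AFFECTED, OK, or REVIEW (unknown family or unreadable version)."""
    fixed = FIXED.get((family or "").strip())
    have = parse_version(firmware)
    if fixed is None or have is None:
        return "REVIEW"
    want = parse_version(fixed)
    # Pad with zeros so 2.8 and 2.8.0 compare as the same release.
    n = max(len(have), len(want))
    pad = lambda v: v + (0,) * (n - len(v))
    return "AFFECTED" if pad(have) < pad(want) else "OK"

def audit(inventory_csv):
    """Map each host in the CSV text to its status."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["family"], r["firmware"]) for r in rows}

# Constructed sample inventory; hosts and installed versions are made up.
SAMPLE = """host,family,firmware
ser-01,NPort 5400 Series,3.9
ser-02,NPort 5400 Series,3.11
ser-03,NPort 6x50 Series,v1.13.9
ser-04,NPort 5600 Series,3.10
ser-05,NPort 5200A Series,unknown
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(host, status)
```

Devices reported as REVIEW need a manual check rather than being treated as patched.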
Evidence notes
The debrief is based on the supplied CVE/NVD corpus. The record lists CVSS 3.0 9.8, CWE-287, the affected Moxa NPort families/versions, and cites US-CERT/ICS-CERT advisory ICSA-16-336-02. The CVE was published on 2017-02-13 in the supplied data; no KEV entry is provided in the corpus.
Official resources
- CVE-2016-9361 CVE record (CVE.org)
- CVE-2016-9361 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference: Third Party Advisory, VDB Entry
- Mitigation or vendor reference: Third Party Advisory, US Government Resource
Publicly disclosed in the CVE record on 2017-02-13; the supplied enrichment does not list a KEV entry.