
PatchSiren cyber security CVE debrief

CVE-2016-9363 Moxa CVE debrief

CVE-2016-9363 is a network-reachable buffer overflow in multiple Moxa NPort firmware lines. The CVE description states that an unauthenticated attacker may be able to remotely execute arbitrary code. Because the attack vector is network-based and requires no privileges or user interaction, exposed devices should be treated as high priority for patching and exposure reduction.

Vendor: Moxa
Product: CVE-2016-9363
CVSS: HIGH 7.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-13
Original CVE updated: 2026-05-13
Advisory published: 2017-02-13
Advisory updated: 2026-05-13

Who should care

Organizations using affected Moxa NPort serial device server firmware, especially if devices are reachable from untrusted or segmented operational networks. OT, ICS, and infrastructure teams responsible for firmware management and perimeter exposure should review this immediately.

Technical summary

NVD classifies this issue as CWE-119 and assigns CVSS 3.0 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). The vulnerability is described as a buffer overflow in Moxa NPort firmware that may permit unauthenticated remote code execution. The affected ranges in the CVE record include:

  • NPort 5110 prior to 2.6
  • NPort 5130/5150 Series prior to 3.6
  • NPort 5200 Series prior to 2.8
  • NPort 5400 Series prior to 3.11
  • NPort 5600 Series prior to 3.7
  • NPort 5100A Series and NPort P5150A prior to 1.3
  • NPort 5200A Series prior to 1.3
  • NPort 5150AI-M12, 5250AI-M12, and 5450AI-M12 prior to 1.2
  • NPort 5600-8-DT and 5600-8-DTL prior to 2.4
  • NPort 6x50 Series prior to 1.13.11
  • NPort IA5450A prior to v1.4

Defensive priority

High. The issue is unauthenticated, remotely reachable, and impacts firmware in industrial connectivity products. Prioritize rapid inventory, exposure review, and firmware upgrades for any affected device.

Recommended defensive actions

  • Inventory all Moxa NPort devices and confirm model and firmware version against the affected ranges in the CVE record.
  • Upgrade to the fixed firmware versions named in the CVE description for each product family, such as 2.6, 3.6, 2.8, 3.11, 3.7, 1.3, 1.2, 2.4, 1.13.11, or v1.4 as applicable.
  • Restrict network access to affected devices so they are not exposed to untrusted networks while remediation is pending.
  • Review segmentation and firewall rules around serial device server management interfaces and service ports.
  • Monitor vendor and US-CERT guidance for mitigation details and validation steps before and after patching.
  • After updating, verify the installed firmware version and confirm the device is no longer within the vulnerable range.
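The inventory and post-update checks above come down to comparing each device's firmware against its family's cutoff. The following is an added example, not part of the CVE record or any Moxa tooling: the cutoffs are the ones quoted on this page, while the model-name patterns and the sample inventory are assumptions constructed for illustration. Versions are compared as integer tuples, because a string or float comparison would rank 3.9 above 3.11 and 1.13.9 above 1.13.11.

```python
import re

# First fixed version per family, from the CVE record quoted on this page.
# The model-name patterns are ASSUMPTIONS about how models appear in an
# inventory; adjust to your asset data. Specific variants are listed first.
FIXED_IN = [
    (r"(5150|5250|5450)AI-M12", "1.2"),
    (r"5600-8-DTL?", "2.4"),
    (r"IA5450A", "1.4"),
    (r"P5150A|51\d0A", "1.3"),   # 5100A Series and P5150A
    (r"52\d0A", "1.3"),          # 5200A Series
    (r"6\d50", "1.13.11"),       # 6x50 Series
    (r"5110", "2.6"),
    (r"5130|5150", "3.6"),
    (r"52\d\d", "2.8"),          # 5200 Series
    (r"54\d\d", "3.11"),         # 5400 Series
    (r"56\d\d", "3.7"),          # 5600 Series
]

def parse_version(text):
    """'v1.13.11' -> (1, 13, 11); raises ValueError if no version is found."""
    m = re.match(r"\s*[vV]?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable firmware version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def is_older(a, b):
    """True if version tuple a precedes b; shorter tuples are zero-padded."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) < b + (0,) * (n - len(b))

def assess(model, firmware):
    """Return (status, fixed_version) for one inventory entry."""
    name = re.sub(r"^\s*NPORT\s*", "", model.upper()).strip()
    for pattern, fixed in FIXED_IN:
        if re.match(pattern, name):
            old = is_older(parse_version(firmware), parse_version(fixed))
            return ("VULNERABLE" if old else "fixed", fixed)
    return ("unknown-model", None)  # not in the affected list: review by hand

# Constructed sample inventory (model, reported firmware).
INVENTORY = [("NPort 5410", "3.9"), ("NPort 6450", "1.13.9"),
             ("NPort 5150A", "1.3"), ("NPort IA5150", "1.0")]

if __name__ == "__main__":
    for model, fw in INVENTORY:
        print(model, fw, *assess(model, fw))
```

An "unknown-model" result means the name matched none of the listed families, not that the device is unaffected.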

Evidence notes

This debrief is based on the CVE description, which identifies a buffer overflow that may allow unauthenticated remote code execution across multiple Moxa NPort firmware families. NVD metadata supplies the CVSS vector, severity, and CWE-119 classification. The affected version cutoffs are taken from the CVE record and NVD CPE/version data. PublishedAt is 2017-02-13T21:59:02.143Z; the later NVD modified timestamp is not treated as the issue date.

Official resources

Publicly disclosed in the CVE record on 2017-02-13. The NVD entry was later modified on 2026-05-13, but that modification date is not the vulnerability disclosure date.