CVE-2016-9365 Moxa CVE debrief

Who should care

Organizations that use Moxa NPort serial device servers, especially teams responsible for OT/ICS networks, remote device management, and firmware patching, should treat this as a priority. Administrators who expose NPort management interfaces beyond tightly controlled internal networks should pay particular attention.

Technical summary

NVD classifies the weakness as CWE-352 and assigns CVSS 3.0 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). The issue affects multiple Moxa NPort firmware lines prior to the fixed releases listed by the advisory data, including NPort 5110 prior to 2.6, 5130/5150 Series prior to 3.6, 5200 Series prior to 2.8, 5400 Series prior to 3.11, 5600 Series prior to 3.7, 5100A Series and NPort P5150A prior to 1.3, 5200A Series prior to 1.3, 5150AI-M12 prior to 1.2, 5250AI-M12 prior to 1.2, 5450AI-M12 prior to 1.2, 5600-8-DT and 5600-8-DTL prior to 2.4, 6x50 Series prior to 1.13.11, and IA5450A prior to v1.4. The core risk is that a logged-in user's browser can be leveraged to make unintended state-changing requests against the device.

Defensive priority

High. This is an authenticated-user CSRF issue against network-manageable industrial connectivity equipment, so remediation should be scheduled promptly and validated per device model.

Recommended defensive actions

• Upgrade affected NPort firmware to the first fixed release for the exact model series listed in the advisory data.
• Inventory all Moxa NPort devices and confirm the installed firmware version against the affected version ranges before and after remediation.
• Restrict access to the device management interface to trusted administrative networks and avoid unnecessary exposure.
• Review administrative workflows for CSRF-resistant controls such as reauthentication for sensitive actions where supported.
• Monitor vendor and ICS advisories for model-specific remediation guidance and confirm updates do not disrupt OT operations.

Evidence notes

The supplied NVD record states the issue is a cross-site request forgery weakness and provides the CVSS vector CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H with CWE-352. The record also lists the affected Moxa NPort firmware families and fixed-version cutoffs, and references the US-CERT advisory ICSA-16-336-02 and SecurityFocus BID 85965. CVE publication time used here is 2017-02-13, per the provided CVE and source timestamps; the 2026-05-13 timestamp reflects record modification, not original disclosure.

Official resources