PatchSiren cyber security CVE debrief
CVE-2016-9369 Moxa CVE debrief
CVE-2016-9369 describes a critical flaw in multiple Moxa NPort device families where firmware can be updated over the network without authentication, creating a path that may allow remote code execution. The NVD record rates the issue 9.8/CRITICAL and maps it to CWE-287. For defenders, the key concern is any reachable management or firmware-update interface on affected NPort deployments.
- Vendor: Moxa
- Product: CVE-2016-9369
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-02-13
- Original CVE updated: 2026-05-13
- Advisory published: 2017-02-13
- Advisory updated: 2026-05-13
Who should care
OT/ICS operators, network and platform administrators, and vulnerability management teams responsible for Moxa NPort serial device servers and related firmware maintenance.
Technical summary
The NVD record says firmware for several Moxa NPort product lines can be updated over the network without authentication, and that this may allow remote code execution. The affected scope includes multiple firmware branches called out in the CVE description and NVD criteria, such as NPort 5110, 5130/5150, 5200, 5400, 5600, 5100A/P5150A, 5200A, 5150AI-M12, 5250AI-M12, 5450AI-M12, 5600-8-DT/DTL, 6x50, and IA5450A, each below the listed fixed versions. NVD assigns CVSS 3.0 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating a network-reachable, no-authentication issue with severe confidentiality, integrity, and availability impact.
Defensive priority
Critical. Because the flaw is network-reachable, requires no authentication, and carries a CVSS 9.8 score, affected devices should be treated as urgent patch and exposure-reduction targets.
Recommended defensive actions
- Inventory Moxa NPort devices and compare installed firmware against the fixed-version thresholds listed in the NVD record.
- Prioritize remediation on any device reachable from untrusted or broadly shared networks.
- Apply the vendor-referenced firmware updates for the specific product family and verify the post-update version.
- Restrict management and firmware-update access to trusted administrative networks only.
- Monitor for unexpected firmware-update attempts or other management-plane access on affected devices.
- If immediate patching is not possible, isolate the devices with segmentation and tight access controls until remediation is complete.
Evidence notes
This debrief is based on the NVD record and the linked advisory references only. The corpus supports one core vulnerability statement: Moxa NPort firmware can be updated over the network without authentication, which may allow remote code execution. PublishedAt is 2017-02-13T21:59:02.300Z and ModifiedAt is 2026-05-13T00:24:29.033Z; the modified date reflects a database update, not a new issue date. No exploit code, weaponization, or unsupported operational claims are included.
Official resources
- CVE-2016-9369 CVE record: CVE.org
- CVE-2016-9369 NVD detail: NVD
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Third Party Advisory, VDB Entry
- Mitigation or vendor reference: [email protected] - Third Party Advisory, US Government Resource
CVE published on 2017-02-13T21:59:02.300Z and modified on 2026-05-13T00:24:29.033Z. The supplied corpus does not include a separate vendor disclosure date.