Moxa NPort 5232-N Serial-to-Ethernet Device (All Versions) Web Console Authentication Bypass

Critical Nessus Network Monitor Plugin ID 9576

Synopsis

The detected Moxa NPort 5232-N device may be vulnerable to an authentication bypass.

Description

All versions of the Moxa NPort 5232-N Serial-to-Ethernet Device are affected by a flaw in which UserId information is exposed in cookie parameters. This may allow a remote attacker to bypass authentication and consequently modify settings and data. (CVE-2016-4503)

Solution

The vendor discontinued this product in 2012, and it is no longer supported. No patch or upgrade is available to address the issue. If this product is still in use, it is recommended to replace it with a similar product that is still supported. If replacement is not an option, ensure that access to the product is restricted, both physically and virtually, to authorized users only.

See Also

https://ics-cert.us-cert.gov/advisories/ICSA-16-189-02

Plugin Details

Severity: Critical

ID: 9576

File Name: 9576.prm

Family: SCADA

Published: 2016/09/23

Modified: 2016/09/23

Dependencies: 9575

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:U/RC:C

CVSSv3

Base Score: 9.8

Temporal Score: 9.8

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:X/RL:U/RC:C

Vulnerability Information

Vulnerability Publication Date: 2016/07/07

Reference Information

CVE: CVE-2016-4503

BID: 91670

OSVDB: 141190