Moxa NPort 5232-N Serial-to-Ethernet Device (All Versions) Web Console Authentication Bypass

Critical - Nessus Network Monitor Plugin ID 9576

Synopsis

The detected Moxa NPort 5232-N device may be vulnerable to an authentication bypass.

Description

All versions of the Moxa NPort 5232-N Serial-to-Ethernet Device are affected by a flaw in which the program exposes UserId information in cookie parameters. This may allow a remote attacker to bypass authentication and consequently modify settings and data. (CVE-2016-4503)

Solution

The vendor discontinued this product in 2012, and it is no longer supported. No patch or upgrade is available to address the issue. If this product is still in use, replace it with a similar product that is still supported. If replacement is not an option, ensure that access to the product is restricted, both physically and virtually, to authorized users only.

See Also

https://ics-cert.us-cert.gov/advisories/ICSA-16-189-02

Plugin Details

Severity: Critical

ID: 9576

Family: SCADA

Published: 9/23/2016

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:X/RL:U/RC:C

Vulnerability Information

CPE: cpe:/h:moxa:nport-5232n

Vulnerability Publication Date: 7/7/2016

Reference Information

CVE: CVE-2016-4503

BID: 91670