Search
Find a vulnerability
Search criteria
4 vulnerabilities found for NPort 6000 Series by Moxa
CVE-2026-10831 (GCVE-0-2026-10831)
Vulnerability from nvd – Published: 2026-06-16 13:46 – Updated: 2026-06-16 15:27
VLAI
Title
Improper Authorization of Break Signal Commands in Devices
Summary
A denial-of-service vulnerability exists in NPort devices because of improper access control on the command port. The command interface does not properly validate whether a sender is associated with a valid data port session before accepting break signal commands. A remote attacker with network access can send crafted requests to disrupt serial communication for an active user session.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.moxa.com/en/support/product-support/s… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Moxa | NPort 6000 Series |
Affected:
1.0 , ≤ 2.3
(custom)
|
|
| Moxa | CN2600 Series |
Affected:
1.0 , ≤ 4.6
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10831",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-16T15:27:21.022805Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T15:27:28.093Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NPort 6000 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "2.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CN2600 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "4.6",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Artur Witek"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA denial-of-service vulnerability exists in NPort devices because of improper access control on the command port. The command interface does not properly validate whether a sender is associated with a valid data port session before accepting break signal commands. A remote attacker with network access can send crafted requests to disrupt serial communication for an active user session.\u003c/p\u003e"
}
],
"value": "A denial-of-service vulnerability exists in NPort devices because of improper access control on the command port. The command interface does not properly validate whether a sender is associated with a valid data port session before accepting break signal commands. A remote attacker with network access can send crafted requests to disrupt serial communication for an active user session."
}
],
"impacts": [
{
"capecId": "CAPEC-212",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-212: Functionality Misuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T13:46:27.325Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-262370-cve-2026-10831-improper-authorization-vulnerability-in-serial-device-servers"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Please refer to the security advisory:\u0026nbsp;https://www.moxa.com/en/support/product-support/security-advisory/mpsa-262370-cve-2026-10831-improper-authorization-vulnerability-in-serial-device-servers"
}
],
"value": "Please refer to the security advisory:\u00a0https://www.moxa.com/en/support/product-support/security-advisory/mpsa-262370-cve-2026-10831-improper-authorization-vulnerability-in-serial-device-servers"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Authorization of Break Signal Commands in Devices",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2026-10831",
"datePublished": "2026-06-16T13:46:27.325Z",
"dateReserved": "2026-06-04T10:11:26.724Z",
"dateUpdated": "2026-06-16T15:27:28.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-5627 (GCVE-0-2023-5627)
Vulnerability from nvd – Published: 2023-11-01 15:04 – Updated: 2024-09-05 15:45
VLAI
Title
Incorrect Implementation of Authentication Algorithm Vulnerability
Summary
A vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. This vulnerability arises from the incorrect implementation of sensitive information protection, potentially allowing malicious users to gain unauthorized access to the web service.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.moxa.com/en/support/product-support/s… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Moxa | NPort 6000 Series |
Affected:
1.0 , ≤ 1.21
(custom)
|
|
| moxa | nport_6000 |
Affected:
1.0 , ≤ 1.21
(custom)
cpe:2.3:a:moxa:nport_6000:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.397Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-232905-nport-6000-series-incorrect-implementation-of-authentication-algorithm-vulnerability"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:moxa:nport_6000:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nport_6000",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "1.21",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5627",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T15:42:46.805202Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T15:45:44.046Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NPort 6000 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.21",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Pasha Kravtsov and Nathan Nye from True Anomaly (trueanomaly.space)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. This vulnerability arises from the incorrect implementation of sensitive information protection, potentially allowing malicious users to gain unauthorized access to the web service. \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. This vulnerability arises from the incorrect implementation of sensitive information protection, potentially allowing malicious users to gain unauthorized access to the web service. \n"
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114: Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-303",
"description": "CWE-303: Incorrect Implementation of Authentication Algorithm",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "CWE-257: Storing Passwords in a Recoverable Format",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T15:04:13.625Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-232905-nport-6000-series-incorrect-implementation-of-authentication-algorithm-vulnerability"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability has been addressed in FWR v2.0 and subsequent versions; it does NOT exist in these firmware versions.\u003cbr\u003e\u003cp\u003eFor the users still using version v1.x, refer to the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-edge-connectivity/serial-device-servers/terminal-servers/nport-6100-6200-series#resources\"\u003eHardening Guide\u003c/a\u003e on Moxa\u2019s website to:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUpgrade to the newest firmware version.\u003c/li\u003e\u003cli\u003eDisable the HTTP console.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The vulnerability has been addressed in FWR v2.0 and subsequent versions; it does NOT exist in these firmware versions.\nFor the users still using version v1.x, refer to the Hardening Guide https://www.moxa.com/en/products/industrial-edge-connectivity/serial-device-servers/terminal-servers/nport-6100-6200-series#resources on Moxa\u2019s website to:\n\n * Upgrade to the newest firmware version.\n * Disable the HTTP console.\n\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Incorrect Implementation of Authentication Algorithm Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2023-5627",
"datePublished": "2023-11-01T15:04:13.625Z",
"dateReserved": "2023-10-18T00:52:37.461Z",
"dateUpdated": "2024-09-05T15:45:44.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-10831 (GCVE-0-2026-10831)
Vulnerability from cvelistv5 – Published: 2026-06-16 13:46 – Updated: 2026-06-16 15:27
VLAI
Title
Improper Authorization of Break Signal Commands in Devices
Summary
A denial-of-service vulnerability exists in NPort devices because of improper access control on the command port. The command interface does not properly validate whether a sender is associated with a valid data port session before accepting break signal commands. A remote attacker with network access can send crafted requests to disrupt serial communication for an active user session.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.moxa.com/en/support/product-support/s… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Moxa | NPort 6000 Series |
Affected:
1.0 , ≤ 2.3
(custom)
|
|
| Moxa | CN2600 Series |
Affected:
1.0 , ≤ 4.6
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10831",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-16T15:27:21.022805Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T15:27:28.093Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NPort 6000 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "2.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CN2600 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "4.6",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Artur Witek"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA denial-of-service vulnerability exists in NPort devices because of improper access control on the command port. The command interface does not properly validate whether a sender is associated with a valid data port session before accepting break signal commands. A remote attacker with network access can send crafted requests to disrupt serial communication for an active user session.\u003c/p\u003e"
}
],
"value": "A denial-of-service vulnerability exists in NPort devices because of improper access control on the command port. The command interface does not properly validate whether a sender is associated with a valid data port session before accepting break signal commands. A remote attacker with network access can send crafted requests to disrupt serial communication for an active user session."
}
],
"impacts": [
{
"capecId": "CAPEC-212",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-212: Functionality Misuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T13:46:27.325Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-262370-cve-2026-10831-improper-authorization-vulnerability-in-serial-device-servers"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Please refer to the security advisory:\u0026nbsp;https://www.moxa.com/en/support/product-support/security-advisory/mpsa-262370-cve-2026-10831-improper-authorization-vulnerability-in-serial-device-servers"
}
],
"value": "Please refer to the security advisory:\u00a0https://www.moxa.com/en/support/product-support/security-advisory/mpsa-262370-cve-2026-10831-improper-authorization-vulnerability-in-serial-device-servers"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Authorization of Break Signal Commands in Devices",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2026-10831",
"datePublished": "2026-06-16T13:46:27.325Z",
"dateReserved": "2026-06-04T10:11:26.724Z",
"dateUpdated": "2026-06-16T15:27:28.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-5627 (GCVE-0-2023-5627)
Vulnerability from cvelistv5 – Published: 2023-11-01 15:04 – Updated: 2024-09-05 15:45
VLAI
Title
Incorrect Implementation of Authentication Algorithm Vulnerability
Summary
A vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. This vulnerability arises from the incorrect implementation of sensitive information protection, potentially allowing malicious users to gain unauthorized access to the web service.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.moxa.com/en/support/product-support/s… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Moxa | NPort 6000 Series |
Affected:
1.0 , ≤ 1.21
(custom)
|
|
| moxa | nport_6000 |
Affected:
1.0 , ≤ 1.21
(custom)
cpe:2.3:a:moxa:nport_6000:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.397Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-232905-nport-6000-series-incorrect-implementation-of-authentication-algorithm-vulnerability"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:moxa:nport_6000:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nport_6000",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "1.21",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5627",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T15:42:46.805202Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T15:45:44.046Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NPort 6000 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.21",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Pasha Kravtsov and Nathan Nye from True Anomaly (trueanomaly.space)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. This vulnerability arises from the incorrect implementation of sensitive information protection, potentially allowing malicious users to gain unauthorized access to the web service. \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. This vulnerability arises from the incorrect implementation of sensitive information protection, potentially allowing malicious users to gain unauthorized access to the web service. \n"
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114: Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-303",
"description": "CWE-303: Incorrect Implementation of Authentication Algorithm",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "CWE-257: Storing Passwords in a Recoverable Format",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T15:04:13.625Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-232905-nport-6000-series-incorrect-implementation-of-authentication-algorithm-vulnerability"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability has been addressed in FWR v2.0 and subsequent versions; it does NOT exist in these firmware versions.\u003cbr\u003e\u003cp\u003eFor the users still using version v1.x, refer to the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-edge-connectivity/serial-device-servers/terminal-servers/nport-6100-6200-series#resources\"\u003eHardening Guide\u003c/a\u003e on Moxa\u2019s website to:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUpgrade to the newest firmware version.\u003c/li\u003e\u003cli\u003eDisable the HTTP console.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The vulnerability has been addressed in FWR v2.0 and subsequent versions; it does NOT exist in these firmware versions.\nFor the users still using version v1.x, refer to the Hardening Guide https://www.moxa.com/en/products/industrial-edge-connectivity/serial-device-servers/terminal-servers/nport-6100-6200-series#resources on Moxa\u2019s website to:\n\n * Upgrade to the newest firmware version.\n * Disable the HTTP console.\n\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Incorrect Implementation of Authentication Algorithm Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2023-5627",
"datePublished": "2023-11-01T15:04:13.625Z",
"dateReserved": "2023-10-18T00:52:37.461Z",
"dateUpdated": "2024-09-05T15:45:44.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}