Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for nport_5230-t_firmware by moxa

    CVE-2023-4929 (GCVE-0-2023-4929)

    Vulnerability from nvd – Published: 2023-10-03 13:54 – Updated: 2024-09-23 13:29
    VLAI
    Title
    NPort 5000 Series Firmware Improper Validation of Integrity Check Vulnerability
    Summary
    All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. This vulnerability results from insufficient checks on firmware updates or upgrades, potentially allowing malicious users to manipulate the firmware and gain control of devices.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-354 - Improper Validation of Integrity Check Value
    Assigner
    References
    Impacted products
    Vendor Product Version
    Moxa NPort 5000AI-M12 Series Affected: 1.0 , ≤ 1.5 (custom)
    Create a notification for this product.
    Moxa NPort 5100 Series Affected: 1.0 , ≤ 3.10 (custom)
    Create a notification for this product.
    Moxa NPort 5100A Series Affected: 1.0 , ≤ 1.6 (custom)
    Create a notification for this product.
    Moxa NPort 5200 Series Affected: 1.0 , ≤ 2.12 (custom)
    Create a notification for this product.
    Moxa NPort 5200A Series Affected: 1.0 , ≤ 1.6 (custom)
    Create a notification for this product.
    Moxa NPort 5400 Series Affected: 1.0 , ≤ 3.14 (custom)
    Create a notification for this product.
    Moxa NPort 5600 Series Affected: 1.0 , ≤ 3.11 (custom)
    Create a notification for this product.
    Moxa NPort 5600-DT Series Affected: 1.0 , ≤ 2.9 (custom)
    Create a notification for this product.
    Moxa NPort IA5000 Series Affected: 1.0 , ≤ 2.1 (custom)
    Create a notification for this product.
    Moxa NPort IA5000A Series Affected: 1.0 , ≤ 2.0 (custom)
    Create a notification for this product.
    Moxa NPort IA5000A-I/O Series Affected: 1.0 , ≤ 2.0 (custom)
    Create a notification for this product.
    Moxa NPort IAW5000A-I/O Series Affected: 1.0 , ≤ 2.2 (custom)
    Create a notification for this product.
    Moxa NPort P5150A Series Affected: 1.0 , ≤ 1.6 (custom)
    Create a notification for this product.
    moxa nport_5100ai_m12 Affected: 1.0 , ≤ 1.5 (custom)
        cpe:2.3:a:moxa:nport_5100ai_m12:*:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa nport_5100 Affected: 1.0 , ≤ 3.10 (custom)
        cpe:2.3:a:moxa:nport_5100:*:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa nport_5100a Affected: 1.0 , ≤ 1.6 (custom)
        cpe:2.3:h:moxa:nport_5100a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa nport_5200_series_firmware Affected: 1.0 , ≤ 2.12 (custom)
        cpe:2.3:o:moxa:nport_5200_series_firmware:2.7:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa nport_5200a_series_firmware Affected: 1.0 , ≤ 2.12 (custom)
        cpe:2.3:o:moxa:nport_5200a_series_firmware:1.2:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa nport_5600_series_firmware Affected: 1.0 , ≤ 3.11 (custom)
        cpe:2.3:a:moxa:nport_5600_series_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa nport_5600_dt Affected: 1.0 , ≤ 2.9 (custom)
        cpe:2.3:a:moxa:nport_5600_dt:*:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa nport_ia_5000 Affected: 1.0 , ≤ 2.1 (custom)
        cpe:2.3:a:moxa:nport_ia_5000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa nport_ia_5000a Affected: 1.0 , ≤ 2.0 (custom)
        cpe:2.3:a:moxa:nport_ia_5000a:*:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa nport_ia_5000a_io Affected: 1.0 , ≤ 2.0 (custom)
        cpe:2.3:a:moxa:nport_ia_5000a_io:*:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa nport_iaw_5000a_io Affected: 1.0 , ≤ 2.2 (custom)
        cpe:2.3:a:moxa:nport_iaw_5000a_io:*:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa nport_p5150a Affected: 1.0 , ≤ 1.6 (custom)
        cpe:2.3:a:moxa:nport_p5150a:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:44:52.628Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-233328-nport-5000-series-firmware-improper-validation-of-integrity-check-vulnerability"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:moxa:nport_5100ai_m12:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "nport_5100ai_m12",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "1.5",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:moxa:nport_5100:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "nport_5100",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "3.10",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:moxa:nport_5100a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "nport_5100a",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "1.6",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:moxa:nport_5200_series_firmware:2.7:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "nport_5200_series_firmware",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "2.12",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:moxa:nport_5200a_series_firmware:1.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "nport_5200a_series_firmware",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "2.12",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:moxa:nport_5600_series_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "nport_5600_series_firmware",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "3.11",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:moxa:nport_5600_dt:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "nport_5600_dt",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "2.9",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:moxa:nport_ia_5000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "nport_ia_5000",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "2.1",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:moxa:nport_ia_5000a:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "nport_ia_5000a",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "2.0",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:moxa:nport_ia_5000a_io:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "nport_ia_5000a_io",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "2.0",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:moxa:nport_iaw_5000a_io:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "nport_iaw_5000a_io",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "2.2",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:moxa:nport_p5150a:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "nport_p5150a",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "1.6",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4929",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-23T13:08:12.493856Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-23T13:29:04.471Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NPort 5000AI-M12 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "1.5",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "NPort 5100 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "3.10",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "NPort 5100A Series ",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "1.6",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "NPort 5200 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "2.12",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "NPort 5200A Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "1.6",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "NPort 5400 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "3.14",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "NPort 5600 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "3.11",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "NPort 5600-DT Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "2.9",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "NPort IA5000 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "2.1",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "NPort IA5000A Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "2.0",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "NPort IA5000A-I/O Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "2.0",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "NPort IAW5000A-I/O Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "2.2",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "NPort P5150A Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "1.6",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAll firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. This vulnerability results from insufficient checks on firmware updates or upgrades, potentially allowing malicious users to manipulate the firmware and gain control of devices.\u003c/p\u003e"
                }
              ],
              "value": "All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. This vulnerability results from insufficient checks on firmware updates or upgrades, potentially allowing malicious users to manipulate the firmware and gain control of devices.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-145",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-145 Checksum Spoofing"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-354",
                  "description": "CWE-354 Improper Validation of Integrity Check Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-03T13:54:49.293Z",
            "orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
            "shortName": "Moxa"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-233328-nport-5000-series-firmware-improper-validation-of-integrity-check-vulnerability"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDue to design restrictions, we could not fix this vulnerability in NPort 5000 Series. We suggest users follow the instructions in the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/getmedia/67b5e549-a125-4a6a-b99b-23017c75cfc1/moxa-the-security-hardening-guide-for-the-nport-5000-series-tech-note-v1.1.pdf\"\u003e\u003cu\u003ehardening guide\u003c/u\u003e\u003c/a\u003e in order to mitigate this vulnerability. Additionally, refer to the following mitigation measures to deploy the product in an appropriate product security context. \u003c/p\u003e\u003cp\u003eMoxa recommends users follow these CISA recommendations. Users should \u003c/p\u003e\u003col\u003e\u003cli\u003eReduce network exposure by ensuring that all control system devices and systems are not accessible from the Internet.\u003c/li\u003e\u003cli\u003ePlace control system networks and remote devices behind firewalls, isolating them from business networks.\u003c/li\u003e\u003cli\u003eWhen remote access is necessary, employ secure methods such as Virtual Private Networks (VPNs). It is important to note that VPNs may have vulnerabilities and should be kept up to date with the latest available version. Remember that the security of a VPN depends on the security of its connected devices.\u003c/li\u003e\u003c/ol\u003e"
                }
              ],
              "value": "Due to design restrictions, we could not fix this vulnerability in NPort 5000 Series. We suggest users follow the instructions in the  hardening guide https://www.moxa.com/getmedia/67b5e549-a125-4a6a-b99b-23017c75cfc1/moxa-the-security-hardening-guide-for-the-nport-5000-series-tech-note-v1.1.pdf  in order to mitigate this vulnerability. Additionally, refer to the following mitigation measures to deploy the product in an appropriate product security context. \n\nMoxa recommends users follow these CISA recommendations. Users should \n\n  *  Reduce network exposure by ensuring that all control system devices and systems are not accessible from the Internet.\n  *  Place control system networks and remote devices behind firewalls, isolating them from business networks.\n  *  When remote access is necessary, employ secure methods such as Virtual Private Networks (VPNs). It is important to note that VPNs may have vulnerabilities and should be kept up to date with the latest available version. Remember that the security of a VPN depends on the security of its connected devices.\n"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "NPort 5000 Series Firmware Improper Validation of Integrity Check Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
        "assignerShortName": "Moxa",
        "cveId": "CVE-2023-4929",
        "datePublished": "2023-10-03T13:54:49.293Z",
        "dateReserved": "2023-09-13T01:12:13.466Z",
        "dateUpdated": "2024-09-23T13:29:04.471Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-4929 (GCVE-0-2023-4929)

    Vulnerability from cvelistv5 – Published: 2023-10-03 13:54 – Updated: 2024-09-23 13:29
    VLAI
    Title
    NPort 5000 Series Firmware Improper Validation of Integrity Check Vulnerability
    Summary
    All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. This vulnerability results from insufficient checks on firmware updates or upgrades, potentially allowing malicious users to manipulate the firmware and gain control of devices.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-354 - Improper Validation of Integrity Check Value
    Assigner
    References
    Impacted products
    Vendor Product Version
    Moxa NPort 5000AI-M12 Series Affected: 1.0 , ≤ 1.5 (custom)
    Create a notification for this product.
    Moxa NPort 5100 Series Affected: 1.0 , ≤ 3.10 (custom)
    Create a notification for this product.
    Moxa NPort 5100A Series Affected: 1.0 , ≤ 1.6 (custom)
    Create a notification for this product.
    Moxa NPort 5200 Series Affected: 1.0 , ≤ 2.12 (custom)
    Create a notification for this product.
    Moxa NPort 5200A Series Affected: 1.0 , ≤ 1.6 (custom)
    Create a notification for this product.
    Moxa NPort 5400 Series Affected: 1.0 , ≤ 3.14 (custom)
    Create a notification for this product.
    Moxa NPort 5600 Series Affected: 1.0 , ≤ 3.11 (custom)
    Create a notification for this product.
    Moxa NPort 5600-DT Series Affected: 1.0 , ≤ 2.9 (custom)
    Create a notification for this product.
    Moxa NPort IA5000 Series Affected: 1.0 , ≤ 2.1 (custom)
    Create a notification for this product.
    Moxa NPort IA5000A Series Affected: 1.0 , ≤ 2.0 (custom)
    Create a notification for this product.
    Moxa NPort IA5000A-I/O Series Affected: 1.0 , ≤ 2.0 (custom)
    Create a notification for this product.
    Moxa NPort IAW5000A-I/O Series Affected: 1.0 , ≤ 2.2 (custom)
    Create a notification for this product.
    Moxa NPort P5150A Series Affected: 1.0 , ≤ 1.6 (custom)
    Create a notification for this product.
    moxa nport_5100ai_m12 Affected: 1.0 , ≤ 1.5 (custom)
        cpe:2.3:a:moxa:nport_5100ai_m12:*:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa nport_5100 Affected: 1.0 , ≤ 3.10 (custom)
        cpe:2.3:a:moxa:nport_5100:*:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa nport_5100a Affected: 1.0 , ≤ 1.6 (custom)
        cpe:2.3:h:moxa:nport_5100a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa nport_5200_series_firmware Affected: 1.0 , ≤ 2.12 (custom)
        cpe:2.3:o:moxa:nport_5200_series_firmware:2.7:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa nport_5200a_series_firmware Affected: 1.0 , ≤ 2.12 (custom)
        cpe:2.3:o:moxa:nport_5200a_series_firmware:1.2:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa nport_5600_series_firmware Affected: 1.0 , ≤ 3.11 (custom)
        cpe:2.3:a:moxa:nport_5600_series_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa nport_5600_dt Affected: 1.0 , ≤ 2.9 (custom)
        cpe:2.3:a:moxa:nport_5600_dt:*:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa nport_ia_5000 Affected: 1.0 , ≤ 2.1 (custom)
        cpe:2.3:a:moxa:nport_ia_5000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa nport_ia_5000a Affected: 1.0 , ≤ 2.0 (custom)
        cpe:2.3:a:moxa:nport_ia_5000a:*:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa nport_ia_5000a_io Affected: 1.0 , ≤ 2.0 (custom)
        cpe:2.3:a:moxa:nport_ia_5000a_io:*:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa nport_iaw_5000a_io Affected: 1.0 , ≤ 2.2 (custom)
        cpe:2.3:a:moxa:nport_iaw_5000a_io:*:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa nport_p5150a Affected: 1.0 , ≤ 1.6 (custom)
        cpe:2.3:a:moxa:nport_p5150a:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:44:52.628Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-233328-nport-5000-series-firmware-improper-validation-of-integrity-check-vulnerability"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:moxa:nport_5100ai_m12:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "nport_5100ai_m12",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "1.5",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:moxa:nport_5100:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "nport_5100",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "3.10",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:moxa:nport_5100a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "nport_5100a",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "1.6",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:moxa:nport_5200_series_firmware:2.7:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "nport_5200_series_firmware",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "2.12",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:moxa:nport_5200a_series_firmware:1.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "nport_5200a_series_firmware",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "2.12",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:moxa:nport_5600_series_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "nport_5600_series_firmware",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "3.11",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:moxa:nport_5600_dt:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "nport_5600_dt",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "2.9",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:moxa:nport_ia_5000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "nport_ia_5000",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "2.1",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:moxa:nport_ia_5000a:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "nport_ia_5000a",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "2.0",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:moxa:nport_ia_5000a_io:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "nport_ia_5000a_io",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "2.0",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:moxa:nport_iaw_5000a_io:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "nport_iaw_5000a_io",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "2.2",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:moxa:nport_p5150a:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "nport_p5150a",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "1.6",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4929",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-23T13:08:12.493856Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-23T13:29:04.471Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NPort 5000AI-M12 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "1.5",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "NPort 5100 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "3.10",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "NPort 5100A Series ",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "1.6",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "NPort 5200 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "2.12",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "NPort 5200A Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "1.6",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "NPort 5400 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "3.14",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "NPort 5600 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "3.11",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "NPort 5600-DT Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "2.9",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "NPort IA5000 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "2.1",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "NPort IA5000A Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "2.0",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "NPort IA5000A-I/O Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "2.0",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "NPort IAW5000A-I/O Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "2.2",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "NPort P5150A Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "1.6",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAll firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. This vulnerability results from insufficient checks on firmware updates or upgrades, potentially allowing malicious users to manipulate the firmware and gain control of devices.\u003c/p\u003e"
                }
              ],
              "value": "All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. This vulnerability results from insufficient checks on firmware updates or upgrades, potentially allowing malicious users to manipulate the firmware and gain control of devices.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-145",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-145 Checksum Spoofing"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-354",
                  "description": "CWE-354 Improper Validation of Integrity Check Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-03T13:54:49.293Z",
            "orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
            "shortName": "Moxa"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-233328-nport-5000-series-firmware-improper-validation-of-integrity-check-vulnerability"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDue to design restrictions, we could not fix this vulnerability in NPort 5000 Series. We suggest users follow the instructions in the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/getmedia/67b5e549-a125-4a6a-b99b-23017c75cfc1/moxa-the-security-hardening-guide-for-the-nport-5000-series-tech-note-v1.1.pdf\"\u003e\u003cu\u003ehardening guide\u003c/u\u003e\u003c/a\u003e in order to mitigate this vulnerability. Additionally, refer to the following mitigation measures to deploy the product in an appropriate product security context. \u003c/p\u003e\u003cp\u003eMoxa recommends users follow these CISA recommendations. Users should \u003c/p\u003e\u003col\u003e\u003cli\u003eReduce network exposure by ensuring that all control system devices and systems are not accessible from the Internet.\u003c/li\u003e\u003cli\u003ePlace control system networks and remote devices behind firewalls, isolating them from business networks.\u003c/li\u003e\u003cli\u003eWhen remote access is necessary, employ secure methods such as Virtual Private Networks (VPNs). It is important to note that VPNs may have vulnerabilities and should be kept up to date with the latest available version. Remember that the security of a VPN depends on the security of its connected devices.\u003c/li\u003e\u003c/ol\u003e"
                }
              ],
              "value": "Due to design restrictions, we could not fix this vulnerability in NPort 5000 Series. We suggest users follow the instructions in the  hardening guide https://www.moxa.com/getmedia/67b5e549-a125-4a6a-b99b-23017c75cfc1/moxa-the-security-hardening-guide-for-the-nport-5000-series-tech-note-v1.1.pdf  in order to mitigate this vulnerability. Additionally, refer to the following mitigation measures to deploy the product in an appropriate product security context. \n\nMoxa recommends users follow these CISA recommendations. Users should \n\n  *  Reduce network exposure by ensuring that all control system devices and systems are not accessible from the Internet.\n  *  Place control system networks and remote devices behind firewalls, isolating them from business networks.\n  *  When remote access is necessary, employ secure methods such as Virtual Private Networks (VPNs). It is important to note that VPNs may have vulnerabilities and should be kept up to date with the latest available version. Remember that the security of a VPN depends on the security of its connected devices.\n"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "NPort 5000 Series Firmware Improper Validation of Integrity Check Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
        "assignerShortName": "Moxa",
        "cveId": "CVE-2023-4929",
        "datePublished": "2023-10-03T13:54:49.293Z",
        "dateReserved": "2023-09-13T01:12:13.466Z",
        "dateUpdated": "2024-09-23T13:29:04.471Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }