OTPulse

Moxa NPort 5110, 5130, and 5150

Plan Patch | 8.6 | ICS-CERT ICSA-17-320-01 | Nov 16, 2017
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Moxa NPort 5110, 5130, and 5150 devices contain multiple vulnerabilities including improper input validation (CWE-74), information disclosure (CWE-200), and resource exhaustion (CWE-400). These serial device servers are remotely exploitable with low complexity and do not require authentication or user interaction.

What this means
What could happen
An attacker could remotely access the device without credentials, potentially extract sensitive configuration data, disrupt serial communications to downstream equipment, or cause the device to become unresponsive, interrupting critical industrial operations that depend on serial-to-network connectivity.
Who's at risk
Water and wastewater utilities, electric utilities, and manufacturing facilities that use Moxa NPort serial device servers (models 5110, 5130, 5150) to connect legacy industrial equipment such as RTUs, PLCs, flow meters, or pressure sensors to modern networks. This includes any site with critical serial-based instrumentation or SCADA communication that depends on these serial gateways.
How it could be exploited
An attacker with network access to the device's IP address and port can send specially crafted requests directly to the NPort web interface or serial protocol handler. The lack of authentication allows immediate access to exploit input validation flaws, extract sensitive information, or trigger resource exhaustion conditions that degrade or halt device operation.
Prerequisites
  • Network access to the NPort device IP address
  • No credentials required for exploitation
  • Ability to send HTTP or protocol-specific requests to the device
remotely exploitable, no authentication required, low complexity, no patch available, affects critical serial infrastructure
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (3)
3 EOL
Product | Affected Versions | Fix Status
NPort 5130 | ≤ 3.7 | No fix (EOL)
NPort 5110 | 2.4; 2.7; 2.6; 2.2 | No fix (EOL)
NPort 5150 | ≤ 3.7 | No fix (EOL)
Remediation & Mitigation
Do now
  • HARDENING: Segment NPort devices onto an isolated industrial network with no direct internet access or untrusted network connectivity
  • HARDENING: Implement firewall rules to restrict network access to the NPort device to only authorized engineering workstations and control systems that require serial access
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HARDENING: Monitor network traffic to and from the device for signs of exploitation attempts or unusual access patterns
  • HOTFIX: Contact Moxa support and check for any available firmware updates or patches, as none are currently documented
Long-term hardening
  • HOTFIX: Evaluate replacement with a newer Moxa NPort model that receives security updates and patches