Moxa NE-4100 Series and MiiNePort Series Affected by CVE-2016-9361
Act Now · CVSS 9.8 · MPSA-241661 · Oct 21, 2024
Summary
CVE-2016-9361 affects Moxa NE-4100 Series and MiiNePort E1/E2/E3 Series network bridges. The vulnerability is an improper authentication flaw that allows unauthenticated remote attackers to retrieve administration passwords. This enables unauthorized access to device configuration and operational controls. No vendor patch is available for any affected product version. The CVSS score of 9.8 reflects the severity: an attacker can remotely gain full administrative control without credentials.
What this means
What could happen
An attacker can remotely retrieve administrator passwords without credentials, gaining full control to change device settings, reroute network traffic, or stop device operations on your Moxa network bridges.
Who's at risk
Water utilities, electric distribution, wastewater treatment, and other critical infrastructure operators using Moxa NE-4100 Series or MiiNePort Series (E1, E2, E3) network bridges for remote site connectivity. These devices are commonly deployed at substations, pump stations, and control system gateways where unauthorized access could disrupt SCADA communications or alter control logic.
How it could be exploited
An attacker on the network sends requests to the device's management interface to extract stored administration credentials without authentication. Once obtained, these credentials allow the attacker to log in as an administrator and modify configurations or disable the device entirely.
Prerequisites
- Network access to the device management interface (typically port 23 for Telnet or port 80 for web interface)
- No credentials required for the initial password extraction attack
- Remotely exploitable
- No authentication required
- Low complexity attack
- No patch available (end-of-life products)
- Affects critical network infrastructure
- EPSS score 49.6% (moderate-to-high exploitation likelihood)
Exploitability
High exploit probability (EPSS 49.6%)
Affected products (1)
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| NE-4100 Series and MiiNePort Series Affected by CVE-2016-9361 | All versions | No fix (EOL) |
Remediation & Mitigation
Do now
- WORKAROUND: Isolate affected NE-4100 and MiiNePort devices from untrusted networks using firewall rules that restrict access to management ports (23, 80, 443) to only authorized engineer workstations
- HARDENING: Disable remote management access (Telnet, HTTP) on affected devices if not actively needed for normal operations; use only secure local serial console access
- WORKAROUND: Change all administrator passwords immediately on each affected device and document the new credentials securely
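One way to check that the management-port firewall rule is holding, as an added example that is not part of the advisory or of Moxa's tooling: it scans a firewall log export for connections to ports 23, 80 and 443 on affected devices from sources outside the authorized engineer workstations. The CSV log layout, the addresses, and the names `MOXA_DEVICES`, `ENGINEER_NETS` and `audit` are assumptions made for the example.

```python
import csv
import io
from ipaddress import ip_address, ip_network

MGMT_PORTS = {23, 80, 443}  # management ports named in the advisory

# Constructed inventory and allow-list (assumptions; replace with your own).
MOXA_DEVICES = {ip_address("10.20.0.11"), ip_address("10.20.0.12")}
ENGINEER_NETS = [ip_network("10.99.0.0/28")]

# Constructed firewall log export: time, source, destination, dest port, action.
SAMPLE_LOG = """\
2024-10-21T08:00:01Z,10.99.0.5,10.20.0.11,80,ALLOW
2024-10-21T08:02:13Z,10.30.4.77,10.20.0.11,23,ALLOW
2024-10-21T08:02:40Z,10.30.4.77,10.20.0.12,80,DENY
2024-10-21T08:03:02Z,10.30.4.77,10.20.0.12,80,DENY
2024-10-21T08:05:00Z,10.30.4.78,10.20.0.12,502,ALLOW
2024-10-21T08:06:09Z,10.99.0.5,10.20.0.12,443,ALLOW
"""

def audit(log_text, devices=MOXA_DEVICES, allowed=ENGINEER_NETS):
    """Return (gaps, probes) for management-port traffic from unauthorized sources.

    gaps:   ALLOWed flows, meaning the firewall rule is missing or too broad.
    probes: DENYed flows, meaning the rule works but something is trying.
    """
    gaps, probes = [], []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip blank or malformed lines
        ts, src, dst, dport, action = row
        src_ip, dst_ip, port = ip_address(src), ip_address(dst), int(dport)
        if dst_ip not in devices or port not in MGMT_PORTS:
            continue  # not a management connection to an affected device
        if any(src_ip in net for net in allowed):
            continue  # authorized engineer workstation
        record = (ts, src, dst, port)
        (gaps if action.upper() == "ALLOW" else probes).append(record)
    return gaps, probes

if __name__ == "__main__":
    gaps, probes = audit(SAMPLE_LOG)
    for ts, src, dst, port in gaps:
        print(f"RULE GAP  {ts} {src} -> {dst}:{port} was allowed")
    for ts, src, dst, port in probes:
        print(f"BLOCKED   {ts} {src} -> {dst}:{port}")
```

Any entry in `gaps` means a source outside the engineer workstation range reached a management port and the rule set needs tightening; entries in `probes` are blocked attempts worth investigating.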
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Segment Moxa devices onto a separate, protected management network with strict access controls; do not expose to general plant networks
Long-term hardening
- HOTFIX: Plan replacement or migration to newer Moxa product lines (NE-4100 Series successor models or other vendors offering patched alternatives) as a long-term solution
CVEs (1)