Moxa CVE-2026-10831: Improper Authorization Vulnerability in Serial Device Servers

MonitorCVSS 6.9MPSA-262370Jun 16, 2026

Moxa

Summary

CVE-2026-10831 is an improper authorization vulnerability in Moxa Serial Device Servers (such as NPort devices). The command interface does not properly validate whether a sender is associated with a valid data port session before accepting break signal commands. An unauthenticated remote attacker with network access to the command port can send crafted requests to disrupt serial communication for active user sessions, causing a denial of service. The vulnerability has a CVSS score of 6.9 (medium severity) and affects all current versions of these devices with no patch currently available.

What this means

What could happen

An attacker on your network can send specially crafted commands to a Serial Device Server to disrupt active serial sessions, causing loss of communication with connected equipment like PLCs, RTUs, or other serial devices. This could interrupt process monitoring or control operations depending on what devices are connected.

Who's at risk

Water authorities and utilities operating serial device servers (such as Moxa NPort devices) that connect to PLCs, RTUs, SCADA systems, or other serial-based industrial equipment. This affects any facility using these devices to bridge serial communications to Ethernet networks.

How it could be exploited

An attacker sends a break signal command to the device's command port without being an authorized user of an active data session. The device accepts the command because it does not verify that the attacker is associated with a valid session, allowing them to disrupt any active serial communication.

Prerequisites

Network access to the Serial Device Server command port
No valid credentials or authentication required

remotely exploitableno authentication requiredlow complexitymedium severity (not critical)

Exploitability

Unlikely to be exploited — EPSS score 0.3%

Affected products (1)

ProductAffected VersionsFix Status

Serial Device ServersAll versionsNo fix yet

Remediation & Mitigation

0/3

Do now

0/1

WORKAROUNDRestrict network access to the Serial Device Server command port to only authorized engineering workstations and control systems using firewall rules

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXSchedule an update to the latest firmware version for all Serial Device Servers in your next maintenance window

Long-term hardening

0/1

HARDENINGImplement network segmentation to isolate Serial Device Servers from untrusted networks

CVEs (1)

CVE-2026-10831

View full Moxa Security advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/55c808a3-5687-434c-a42c-06095ae69c26

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.