CVE-2023-4929

Summary

All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. This vulnerability results from insufficient checks on firmware updates or upgrades, potentially allowing malicious users to manipulate the firmware and gain control of devices.

Affected Software

VendorProductVersion RangeStatus
MoxaNPort 5000AI-M12 Series1.0 <= 1.5affected
MoxaNPort 5100 Series1.0 <= 3.10affected
MoxaNPort 5100A Series1.0 <= 1.6affected
MoxaNPort 5200 Series1.0 <= 2.12affected
MoxaNPort 5200A Series1.0 <= 1.6affected
MoxaNPort 5400 Series1.0 <= 3.14affected
MoxaNPort 5600 Series1.0 <= 3.11affected
MoxaNPort 5600-DT Series1.0 <= 2.9affected
MoxaNPort IA5000 Series1.0 <= 2.1affected
MoxaNPort IA5000A Series1.0 <= 2.0affected
MoxaNPort IA5000A-I/O Series1.0 <= 2.0affected
MoxaNPort IAW5000A-I/O Series1.0 <= 2.2affected
MoxaNPort P5150A Series1.0 <= 1.6affected

Weaknesses

  • CWE-354: CWE-354 Improper Validation of Integrity Check Value

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References