CVE-2025-15017
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
A vulnerability exists in serial device servers where active debug code remains enabled in the UART interface. An attacker with physical access to the device can directly connect to the UART interface and, without authentication, user interaction, or execution conditions, gain unauthorized access to internal debug functionality. Exploitation is low complexity and allows an attacker to execute privileged operations and access sensitive system resources, resulting in a high impact to the confidentiality, integrity, and availability of the affected device. No security impact to external or dependent systems has been identified.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Moxa | NPort 5000AI-M12 Series | 1.0 | affected |
| Moxa | NPort 5100 Series | 1.0 | affected |
| Moxa | NPort 5100A Series | 1.0 | affected |
| Moxa | NPort 5200 Series | 1.0 | affected |
| Moxa | NPort 5200A Series | 1.0 | affected |
| Moxa | NPort 5400 Series | 1.0 | affected |
| Moxa | NPort 5600 Series | 1.0 | affected |
| Moxa | NPort 5600-DT Series | 1.0 | affected |
| Moxa | NPort IA5000 Series | 1.0 | affected |
| Moxa | NPort IA5000A Series | 1.0 | affected |
| Moxa | NPort IA5000-G2 Series | 1.0 | affected |
Weaknesses
- CWE-489: CWE-489: Active Debug Code
Workarounds
- For the NPort 5000 Series, make sure that the physical protection of the NPort devices and/or the system meets the security needs of your application. By limiting physical access to authorized personnel, you significantly reduce the risk of local cyberattacks. Please refer to The Security Hardening Guide for NPort 5000 Series (v2.4 or later) https://www.moxa.com/en/products/industrial-edge-connectivity/serial-device-servers/general-device-servers/nport-5100-series#resources for more information.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.