Details of VAR-202310-2248

ID

VAR-202310-2248

CVE

CVE-2023-4929

TITLE

plural Moxa Inc. Vulnerability related to insufficient data integrity verification in products

Trust: 0.8

sources: JVNDB: JVNDB-2023-013859

DESCRIPTION

All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. This vulnerability results from insufficient checks on firmware updates or upgrades, potentially allowing malicious users to manipulate the firmware and gain control of devices. nport 5150ai-m12-ct-t firmware, nport 5250ai-m12-ct-t firmware, nport 5150ai-m12-t firmware etc. Moxa Inc. The product contains a vulnerability related to insufficient data integrity verification.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2023-4929 // JVNDB: JVNDB-2023-013859

AFFECTED PRODUCTS

vendor:	moxa	model:	nport 5250ai-m12	scope:	lte	version:	1.5	Trust: 1.0
vendor:	moxa	model:	nport ia-5150i-s-sc	scope:	lte	version:	2.1	Trust: 1.0
vendor:	moxa	model:	nport ia-5150i-m-sc-t	scope:	lte	version:	2.1	Trust: 1.0
vendor:	moxa	model:	nport ia5250ai-t-iex	scope:	lte	version:	1.5	Trust: 1.0
vendor:	moxa	model:	nport 5232-t	scope:	lte	version:	2.12	Trust: 1.0
vendor:	moxa	model:	nport ia5450ai	scope:	lte	version:	2.0	Trust: 1.0
vendor:	moxa	model:	nport 5410	scope:	gte	version:	3.2	Trust: 1.0
vendor:	moxa	model:	nport ia-5150i-s-sc	scope:	lte	version:	1.7	Trust: 1.0
vendor:	moxa	model:	nport ia-5150i-m-sc-t	scope:	lte	version:	1.7	Trust: 1.0
vendor:	moxa	model:	nport ia-5150i-s-sc-t	scope:	lte	version:	2.1	Trust: 1.0
vendor:	moxa	model:	nport 5430	scope:	gte	version:	3.2	Trust: 1.0
vendor:	moxa	model:	nport 5610-16-48v	scope:	lte	version:	3.11	Trust: 1.0
vendor:	moxa	model:	nport 5650-16-s-sc	scope:	lte	version:	3.11	Trust: 1.0
vendor:	moxa	model:	nport 5150ai-m12-t	scope:	lte	version:	1.5	Trust: 1.0
vendor:	moxa	model:	nport 5230	scope:	lte	version:	2.12	Trust: 1.0
vendor:	moxa	model:	nport ia-5150i-s-sc-t	scope:	lte	version:	1.7	Trust: 1.0
vendor:	moxa	model:	nport 5150ai-m12	scope:	lte	version:	1.5	Trust: 1.0
vendor:	moxa	model:	nport ia-5250i	scope:	lte	version:	1.7	Trust: 1.0
vendor:	moxa	model:	nport ia-5150-s-sc	scope:	lte	version:	2.1	Trust: 1.0
vendor:	moxa	model:	nport 5230a-t	scope:	lte	version:	1.6	Trust: 1.0
vendor:	moxa	model:	nport 5650-16-m-sc	scope:	lte	version:	3.11	Trust: 1.0
vendor:	moxa	model:	nport ia-5150-m-st	scope:	lte	version:	1.7	Trust: 1.0
vendor:	moxa	model:	nport 5250ai-m12-ct	scope:	lte	version:	1.5	Trust: 1.0
vendor:	moxa	model:	nport 5650-16-t	scope:	lte	version:	3.11	Trust: 1.0
vendor:	moxa	model:	nport ia-5150-s-sc	scope:	lte	version:	1.7	Trust: 1.0
vendor:	moxa	model:	nport 5150ai-m12-ct-t	scope:	lte	version:	1.5	Trust: 1.0
vendor:	moxa	model:	nport 5130a-t	scope:	lte	version:	1.6	Trust: 1.0
vendor:	moxa	model:	nport ia-5150i	scope:	lte	version:	2.1	Trust: 1.0
vendor:	moxa	model:	nport ia5150a-t-iex	scope:	lte	version:	1.5	Trust: 1.0
vendor:	moxa	model:	nport ia-5250	scope:	lte	version:	2.1	Trust: 1.0
vendor:	moxa	model:	nport 5110-t	scope:	lte	version:	2.10	Trust: 1.0
vendor:	moxa	model:	nport ia5150ai-t	scope:	lte	version:	1.5	Trust: 1.0
vendor:	moxa	model:	nport ia-5150i	scope:	lte	version:	1.7	Trust: 1.0
vendor:	moxa	model:	nport 5210	scope:	lte	version:	2.12	Trust: 1.0
vendor:	moxa	model:	nport 5650-8-dt	scope:	lte	version:	2.9	Trust: 1.0
vendor:	moxa	model:	nport ia-5250	scope:	lte	version:	1.7	Trust: 1.0
vendor:	moxa	model:	nport ia5450a-t	scope:	lte	version:	2.0	Trust: 1.0
vendor:	moxa	model:	nport ia5250a	scope:	lte	version:	1.5	Trust: 1.0
vendor:	moxa	model:	nport 5450i-t	scope:	lte	version:	3.14	Trust: 1.0
vendor:	moxa	model:	nport 5150a-t	scope:	lte	version:	1.6	Trust: 1.0
vendor:	moxa	model:	nport 5610-16	scope:	lte	version:	3.11	Trust: 1.0
vendor:	moxa	model:	nport ia5450ai-t	scope:	lte	version:	2.0	Trust: 1.0
vendor:	moxa	model:	nport 5110a	scope:	lte	version:	1.6	Trust: 1.0
vendor:	moxa	model:	nport ia5150ai	scope:	lte	version:	1.5	Trust: 1.0
vendor:	moxa	model:	nport ia5250a-iex	scope:	lte	version:	1.5	Trust: 1.0
vendor:	moxa	model:	nport ia5000a-i\/o	scope:	lte	version:	2.0	Trust: 1.0
vendor:	moxa	model:	nport ia-5150	scope:	lte	version:	1.7	Trust: 1.0
vendor:	moxa	model:	nport ia5250ai	scope:	lte	version:	1.5	Trust: 1.0
vendor:	moxa	model:	nport ia5150a	scope:	lte	version:	1.5	Trust: 1.0
vendor:	moxa	model:	nport ia5150ai-t-iex	scope:	lte	version:	1.5	Trust: 1.0
vendor:	moxa	model:	nport ia5150a-t	scope:	lte	version:	1.5	Trust: 1.0
vendor:	moxa	model:	nport ia-5150i-m-sc	scope:	lte	version:	1.7	Trust: 1.0
vendor:	moxa	model:	nport 5610-8-dt-t	scope:	lte	version:	2.9	Trust: 1.0
vendor:	moxa	model:	nport 5650i-8-dt-t	scope:	lte	version:	2.9	Trust: 1.0
vendor:	moxa	model:	nport ia5250ai-iex	scope:	lte	version:	1.5	Trust: 1.0
vendor:	moxa	model:	nport 5630-16	scope:	lte	version:	3.11	Trust: 1.0
vendor:	moxa	model:	nport 5410	scope:	lte	version:	3.14	Trust: 1.0
vendor:	moxa	model:	nport ia-5150-m-st-t	scope:	lte	version:	1.7	Trust: 1.0
vendor:	moxa	model:	nport ia-5150-m-sc	scope:	lte	version:	2.1	Trust: 1.0
vendor:	moxa	model:	nport 5150	scope:	lte	version:	3.10	Trust: 1.0
vendor:	moxa	model:	nport 5450ai-m12	scope:	lte	version:	1.5	Trust: 1.0
vendor:	moxa	model:	nport ia5250ai-t	scope:	lte	version:	1.5	Trust: 1.0
vendor:	moxa	model:	nport 5430	scope:	lte	version:	3.14	Trust: 1.0
vendor:	moxa	model:	nport iaw5000a-i\/o	scope:	lte	version:	2.2	Trust: 1.0
vendor:	moxa	model:	nport p5150a	scope:	lte	version:	1.6	Trust: 1.0
vendor:	moxa	model:	nport 5130a	scope:	lte	version:	1.6	Trust: 1.0
vendor:	moxa	model:	nport ia-5150-m-sc	scope:	lte	version:	1.7	Trust: 1.0
vendor:	moxa	model:	nport 5650-8-s-sc	scope:	lte	version:	3.11	Trust: 1.0
vendor:	moxa	model:	nport 5450ai-m12-ct-t	scope:	lte	version:	1.5	Trust: 1.0
vendor:	moxa	model:	nport 5210a	scope:	lte	version:	1.6	Trust: 1.0
vendor:	moxa	model:	nport 5610-8-dt	scope:	lte	version:	2.9	Trust: 1.0
vendor:	moxa	model:	nport 5232i-t	scope:	lte	version:	2.12	Trust: 1.0
vendor:	moxa	model:	nport 5650-8	scope:	lte	version:	3.11	Trust: 1.0
vendor:	moxa	model:	nport ia5150ai-iex	scope:	lte	version:	1.5	Trust: 1.0
vendor:	moxa	model:	nport 5450-t	scope:	lte	version:	3.14	Trust: 1.0
vendor:	moxa	model:	nport 5410	scope:	gte	version:	2.0	Trust: 1.0
vendor:	moxa	model:	nport 5650-8-dt-t	scope:	lte	version:	2.9	Trust: 1.0
vendor:	moxa	model:	nport ia-5250i	scope:	lte	version:	2.1	Trust: 1.0
vendor:	moxa	model:	nport 5210a-t	scope:	lte	version:	1.6	Trust: 1.0
vendor:	moxa	model:	nport 5610-8-dt-j	scope:	lte	version:	2.9	Trust: 1.0
vendor:	moxa	model:	nport 5430	scope:	gte	version:	2.0	Trust: 1.0
vendor:	moxa	model:	nport ia-5150-m-st	scope:	lte	version:	2.1	Trust: 1.0
vendor:	moxa	model:	nport 5232	scope:	lte	version:	2.12	Trust: 1.0
vendor:	moxa	model:	nport 5232i	scope:	lte	version:	2.12	Trust: 1.0
vendor:	moxa	model:	nport 5650-8-t	scope:	lte	version:	3.11	Trust: 1.0
vendor:	moxa	model:	nport 5410	scope:	lte	version:	2.9	Trust: 1.0
vendor:	moxa	model:	nport ia5250a-t-iex	scope:	lte	version:	1.5	Trust: 1.0
vendor:	moxa	model:	nport 5650-16	scope:	lte	version:	3.11	Trust: 1.0
vendor:	moxa	model:	nport 5650-8-m-sc	scope:	lte	version:	3.11	Trust: 1.0
vendor:	moxa	model:	nport 5250ai-m12-ct-t	scope:	lte	version:	1.5	Trust: 1.0
vendor:	moxa	model:	nport 5610-8	scope:	lte	version:	3.11	Trust: 1.0
vendor:	moxa	model:	nport 5430	scope:	lte	version:	2.9	Trust: 1.0
vendor:	moxa	model:	nport ia5150a-iex	scope:	lte	version:	1.5	Trust: 1.0
vendor:	moxa	model:	nport 5650-16-hv-t	scope:	lte	version:	3.11	Trust: 1.0
vendor:	moxa	model:	nport ia-5150i-t	scope:	lte	version:	2.1	Trust: 1.0
vendor:	moxa	model:	nport ia5450a	scope:	lte	version:	2.0	Trust: 1.0
vendor:	moxa	model:	nport 5210-t	scope:	lte	version:	2.12	Trust: 1.0
vendor:	moxa	model:	nport 5610-8-48v	scope:	lte	version:	3.11	Trust: 1.0
vendor:	moxa	model:	nport ia-5250i-t	scope:	lte	version:	2.1	Trust: 1.0
vendor:	moxa	model:	nport 5150a	scope:	lte	version:	1.6	Trust: 1.0
vendor:	moxa	model:	nport ia-5150-t	scope:	lte	version:	2.1	Trust: 1.0
vendor:	moxa	model:	nport ia-5150i-t	scope:	lte	version:	1.7	Trust: 1.0
vendor:	moxa	model:	nport 5130	scope:	lte	version:	3.10	Trust: 1.0
vendor:	moxa	model:	nport 5650i-8-dt	scope:	lte	version:	2.9	Trust: 1.0
vendor:	moxa	model:	nport 5110a-t	scope:	lte	version:	1.6	Trust: 1.0
vendor:	moxa	model:	nport ia-5250i-t	scope:	lte	version:	1.7	Trust: 1.0
vendor:	moxa	model:	nport ia-5150-t	scope:	lte	version:	1.7	Trust: 1.0
vendor:	moxa	model:	nport ia-5150	scope:	lte	version:	2.1	Trust: 1.0
vendor:	moxa	model:	nport 5650-8-hv-t	scope:	lte	version:	3.11	Trust: 1.0
vendor:	moxa	model:	nport 5450ai-m12-ct	scope:	lte	version:	1.5	Trust: 1.0
vendor:	moxa	model:	nport ia-5150i-m-sc	scope:	lte	version:	2.1	Trust: 1.0
vendor:	moxa	model:	nport 5230-t	scope:	lte	version:	2.12	Trust: 1.0
vendor:	moxa	model:	nport 5450i	scope:	lte	version:	3.14	Trust: 1.0
vendor:	moxa	model:	nport 5630-8	scope:	lte	version:	3.11	Trust: 1.0
vendor:	moxa	model:	nport ia-5150-s-sc-t	scope:	lte	version:	2.1	Trust: 1.0
vendor:	moxa	model:	nport 5150ai-m12-ct	scope:	lte	version:	1.5	Trust: 1.0
vendor:	moxa	model:	nport ia-5250-t	scope:	lte	version:	2.1	Trust: 1.0
vendor:	moxa	model:	nport 5650-8-dt-j	scope:	lte	version:	2.9	Trust: 1.0
vendor:	moxa	model:	nport 5450ai-m12-t	scope:	lte	version:	1.5	Trust: 1.0
vendor:	moxa	model:	nport ia-5150-s-sc-t	scope:	lte	version:	1.7	Trust: 1.0
vendor:	moxa	model:	nport ia-5150-m-st-t	scope:	lte	version:	2.1	Trust: 1.0
vendor:	moxa	model:	nport ia-5150-m-sc-t	scope:	lte	version:	2.1	Trust: 1.0
vendor:	moxa	model:	nport ia-5250-t	scope:	lte	version:	1.7	Trust: 1.0
vendor:	moxa	model:	nport 5250a	scope:	lte	version:	1.6	Trust: 1.0
vendor:	moxa	model:	nport p5150a-t	scope:	lte	version:	1.6	Trust: 1.0
vendor:	moxa	model:	nport 5250ai-m12-t	scope:	lte	version:	1.5	Trust: 1.0
vendor:	moxa	model:	nport ia-5150-m-sc-t	scope:	lte	version:	1.7	Trust: 1.0
vendor:	moxa	model:	nport ia5250a-t	scope:	lte	version:	1.5	Trust: 1.0
vendor:	moxa	model:	nport 5450	scope:	lte	version:	3.14	Trust: 1.0
vendor:	moxa	model:	nport 5250a-t	scope:	lte	version:	1.6	Trust: 1.0
vendor:	moxa	model:	nport 5230a	scope:	lte	version:	1.6	Trust: 1.0
vendor:	moxa	model:	nport 5110	scope:	lte	version:	2.10	Trust: 1.0
vendor:	moxa	model:	nport 5150ai-m12-ct-t	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5250ai-m12-ct	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5450ai-m12-ct-t	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5110-t	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5250ai-m12-ct-t	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5450ai-m12-ct	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5130a	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5110a-t	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5110a	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5110	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5150ai-m12-ct	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5130a-t	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5450ai-m12	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5130	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5150	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5250ai-m12	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5150ai-m12-t	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5250ai-m12-t	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5450ai-m12-t	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	nport 5150ai-m12	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-013859 // NVD: CVE-2023-4929

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-4929
value:	HIGH
Trust: 1.0
psirt@moxa.com:	CVE-2023-4929
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2023-4929
value:	HIGH
Trust: 0.8

nvd@nist.gov:	CVE-2023-4929
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
psirt@moxa.com:	CVE-2023-4929
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2023-4929
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-013859 // NVD: CVE-2023-4929 // NVD: CVE-2023-4929

PROBLEMTYPE DATA

problemtype:	CWE-354	Trust: 1.0
problemtype:	Incomplete data integrity verification (CWE-354) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-013859 // NVD: CVE-2023-4929

EXTERNAL IDS

db:	NVD	id:	CVE-2023-4929	Trust: 2.6
db:	JVNDB	id:	JVNDB-2023-013859	Trust: 0.8

sources: JVNDB: JVNDB-2023-013859 // NVD: CVE-2023-4929

REFERENCES

url:	https://www.moxa.com/en/support/product-support/security-advisory/mpsa-233328-nport-5000-series-firmware-improper-validation-of-integrity-check-vulnerability	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-4929	Trust: 0.8

sources: JVNDB: JVNDB-2023-013859 // NVD: CVE-2023-4929

SOURCES

db:	JVNDB	id:	JVNDB-2023-013859
db:	NVD	id:	CVE-2023-4929

LAST UPDATE DATE

2024-08-14T15:00:02.463000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2023-013859	date:	2023-12-22T02:33:00
db:	NVD	id:	CVE-2023-4929	date:	2023-10-06T15:28:35.260

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2023-013859	date:	2023-12-22T00:00:00
db:	NVD	id:	CVE-2023-4929	date:	2023-10-03T14:15:11.307