What is the severity of CVE-2021-32976?

The severity of CVE-2021-32976 is critical with a CVSS score of 9.8.

How can a remote attacker exploit CVE-2021-32976?

A remote attacker can exploit CVE-2021-32976 by sending specially crafted requests to the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier.

Which versions of Moxa NPort IAW5000A-I/O firmware are affected by CVE-2021-32976?

Moxa NPort IAW5000A-I/O firmware version 2.2 or earlier is affected by CVE-2021-32976.

How can I mitigate the vulnerability in Moxa NPort IAW5000A-I/O firmware?

To mitigate the vulnerability in Moxa NPort IAW5000A-I/O firmware, users should update to a version later than 2.2.

Vulnerability/
CVE-2021-32976

critical

9.8

CWE

787 121 119

1/4/2022

3/8/2024

CVE-2021-32976: Moxa NPort IAW5000A-I/O Series Serial Device Server Stack-based Buffer Overflow

Q: What are the potential impacts of CVE-2021-32976?

CVE-2021-32976 may allow a remote attacker to initiate a denial-of-service attack and execute arbitrary code.

First published: Fri Apr 01 2022(Updated: )

Five buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to initiate a denial-of-service attack and execute arbitrary code.

Credit: ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
Moxa Nport Iaw5150a-6i\/o Firmware	<=2.2
Moxa Nport Iaw5150a-6i\/o
Moxa Nport Iaw5150a-12i\/o Firmware	<=2.2
Moxa Nport Iaw5150a-12i\/o
Moxa Nport Iaw5250a-6i\/o Firmware	<=2.2
Moxa Nport Iaw5250a-6i\/o
Moxa Nport Iaw5250a-12i\/o Firmware	<=2.2
Moxa Nport Iaw5250a-12i\/o
Moxa NPort IAW5000A-I/O Series firmware version 2.2 or earlier

Remedy

Moxa has developed solutions to address these vulnerabilities. Please contact Moxa Technical Support for a security patch. Moxa has also published a security advisory to provide more information.

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

ICSA-21-187-01

Frequently Asked Questions

What is the severity of CVE-2021-32976?
The severity of CVE-2021-32976 is critical with a CVSS score of 9.8.
How can a remote attacker exploit CVE-2021-32976?
A remote attacker can exploit CVE-2021-32976 by sending specially crafted requests to the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier.
What are the potential impacts of CVE-2021-32976?
CVE-2021-32976 may allow a remote attacker to initiate a denial-of-service attack and execute arbitrary code.
Which versions of Moxa NPort IAW5000A-I/O firmware are affected by CVE-2021-32976?
Moxa NPort IAW5000A-I/O firmware version 2.2 or earlier is affected by CVE-2021-32976.
How can I mitigate the vulnerability in Moxa NPort IAW5000A-I/O firmware?
To mitigate the vulnerability in Moxa NPort IAW5000A-I/O firmware, users should update to a version later than 2.2.

collector/nvd-index
agent/type
collector/mitre-cve
source/MITRE
agent/remedy
agent/last-modified-date
agent/author
agent/title
agent/weakness
agent/first-publish-date
agent/description
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/event
collector/ics-cert-advisory
source/ICS
agent/software-canonical-lookup
vendor/moxa
canonical/moxa nport iaw5150a-6i\/o firmware
version/moxa nport iaw5150a-6i\/o firmware/2.2
canonical/moxa nport iaw5150a-6i\/o
canonical/moxa nport iaw5150a-12i\/o firmware
version/moxa nport iaw5150a-12i\/o firmware/2.2
canonical/moxa nport iaw5150a-12i\/o
canonical/moxa nport iaw5250a-6i\/o firmware
version/moxa nport iaw5250a-6i\/o firmware/2.2
canonical/moxa nport iaw5250a-6i\/o
canonical/moxa nport iaw5250a-12i\/o firmware
version/moxa nport iaw5250a-12i\/o firmware/2.2
canonical/moxa nport iaw5250a-12i\/o
canonical/moxa nport iaw5000a-i/o series firmware version 2.2 or earlier