CVE-2023-5627: Incorrect Implementation of Authentication Algorithm Vulnerability
First published: Wed Nov 01 2023(Updated: )
A vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. This vulnerability arises from the incorrect implementation of sensitive information protection, potentially allowing malicious users to gain unauthorized access to the web service.
Credit: psirt@moxa.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Moxa Nport 6150-t Firmware | <=1.21 | |
| Moxa Nport 6150-t | ||
| All of | ||
| Moxa Nport 6150 Firmware | <=1.21 | |
| Moxa Nport 6150 | ||
| All of | ||
| Moxa Nport 6250-m-sc-t Firmware | <=1.21 | |
| Moxa Nport 6250-m-sc-t | ||
| All of | ||
| Moxa Nport 6250-m-sc Firmware | <=1.21 | |
| Moxa Nport 6250-m-sc | ||
| All of | ||
| Moxa Nport 6250-s-sc-t Firmware | <=1.21 | |
| Moxa Nport 6250-s-sc-t | ||
| All of | ||
| Moxa Nport 6250-s-sc Firmware | <=1.21 | |
| Moxa Nport 6250-s-sc | ||
| All of | ||
| Moxa Nport 6250-t Firmware | <=1.21 | |
| Moxa Nport 6250-t | ||
| All of | ||
| Moxa Nport 6250 Firmware | <=1.21 | |
| Moxa Nport 6250 | ||
| All of | ||
| Moxa Nport 6450-t Firmware | <=1.21 | |
| Moxa Nport 6450-t | ||
| All of | ||
| Moxa Nport 6450 Firmware | <=1.21 | |
| Moxa Nport 6450 | ||
| All of | ||
| Moxa Nport 6610-16-48v Firmware | <=1.21 | |
| Moxa Nport 6610-16-48v | ||
| All of | ||
| Moxa Nport 6610-16 Firmware | <=1.21 | |
| Moxa Nport 6610-16 | ||
| All of | ||
| Moxa Nport 6610-32-48v Firmware | <=1.21 | |
| Moxa Nport 6610-32-48v | ||
| All of | ||
| Moxa Nport 6610-32 Firmware | <=1.21 | |
| Moxa Nport 6610-32 | ||
| All of | ||
| Moxa Nport 6610-8-48v Firmware | <=1.21 | |
| Moxa Nport 6610-8-48v | ||
| All of | ||
| Moxa Nport 6610-8 Firmware | <=1.21 | |
| Moxa Nport 6610-8 | ||
| All of | ||
| Moxa Nport 6650-16-48v Firmware | <=1.21 | |
| Moxa Nport 6650-16-48v | ||
| All of | ||
| Moxa Nport 6650-16-hv-t Firmware | <=1.21 | |
| Moxa Nport 6650-16-hv-t | ||
| All of | ||
| Moxa Nport 6650-16-t Firmware | <=1.21 | |
| Moxa Nport 6650-16-t | ||
| All of | ||
| Moxa Nport 6650-16 Firmware | <=1.21 | |
| Moxa Nport 6650-16 | ||
| All of | ||
| Moxa Nport 6650-32-48v Firmware | <=1.21 | |
| Moxa Nport 6650-32-48v | ||
| All of | ||
| Moxa Nport 6650-32-hv-t Firmware | <=1.21 | |
| Moxa Nport 6650-32-hv-t | ||
| All of | ||
| Moxa Nport 6650-32 Firmware | <=1.21 | |
| Moxa Nport 6650-32 | ||
| All of | ||
| Moxa Nport 6650-8-48v Firmware | <=1.21 | |
| Moxa Nport 6650-8-48v | ||
| All of | ||
| Moxa Nport 6650-8-hv-t Firmware | <=1.21 | |
| Moxa Nport 6650-8-hv-t | ||
| All of | ||
| Moxa Nport 6650-8-t Firmware | <=1.21 | |
| Moxa Nport 6650-8-t | ||
| All of | ||
| Moxa Nport 6650-8 Firmware | <=1.21 | |
| Moxa Nport 6650-8 |
Remedy
The vulnerability has been addressed in FWR v2.0 and subsequent versions; it does NOT exist in these firmware versions. For the users still using version v1.x, refer to the Hardening Guide https://www.moxa.com/en/products/industrial-edge-connectivity/serial-device-servers/terminal-servers/nport-6100-6200-series#resources on Moxa’s website to: * Upgrade to the newest firmware version. * Disable the HTTP console.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-5627?
CVE-2023-5627 is the identifier for the Incorrect Implementation of Authentication Algorithm Vulnerability.
What is the severity of CVE-2023-5627?
The severity of CVE-2023-5627 is high, with a CVSS score of 7.5.
Which software is affected by CVE-2023-5627?
The NPort 6000 Series firmware versions up to 1.21 are affected by CVE-2023-5627.
What is the risk of CVE-2023-5627?
CVE-2023-5627 poses the risk of unauthorized access to the web service due to the vulnerability in the authentication mechanism.
How can I fix CVE-2023-5627?
To fix CVE-2023-5627, it is recommended to apply the latest firmware update provided by Moxa.
- agent/type
- agent/weakness
- agent/first-publish-date
- collector/epss-latest
- source/FIRST
- agent/references
- agent/severity
- agent/title
- agent/remedy
- agent/author
- agent/epss
- agent/description
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/event
- agent/softwarecombine
- agent/tags
- vendor/moxa
- canonical/moxa nport 6150-t firmware
- version/moxa nport 6150-t firmware/1.21
- canonical/moxa nport 6150-t
- canonical/moxa nport 6150 firmware
- version/moxa nport 6150 firmware/1.21
- canonical/moxa nport 6150
- canonical/moxa nport 6250-m-sc-t firmware
- version/moxa nport 6250-m-sc-t firmware/1.21
- canonical/moxa nport 6250-m-sc-t
- canonical/moxa nport 6250-m-sc firmware
- version/moxa nport 6250-m-sc firmware/1.21
- canonical/moxa nport 6250-m-sc
- canonical/moxa nport 6250-s-sc-t firmware
- version/moxa nport 6250-s-sc-t firmware/1.21
- canonical/moxa nport 6250-s-sc-t
- canonical/moxa nport 6250-s-sc firmware
- version/moxa nport 6250-s-sc firmware/1.21
- canonical/moxa nport 6250-s-sc
- canonical/moxa nport 6250-t firmware
- version/moxa nport 6250-t firmware/1.21
- canonical/moxa nport 6250-t
- canonical/moxa nport 6250 firmware
- version/moxa nport 6250 firmware/1.21
- canonical/moxa nport 6250
- canonical/moxa nport 6450-t firmware
- version/moxa nport 6450-t firmware/1.21
- canonical/moxa nport 6450-t
- canonical/moxa nport 6450 firmware
- version/moxa nport 6450 firmware/1.21
- canonical/moxa nport 6450
- canonical/moxa nport 6610-16-48v firmware
- version/moxa nport 6610-16-48v firmware/1.21
- canonical/moxa nport 6610-16-48v
- canonical/moxa nport 6610-16 firmware
- version/moxa nport 6610-16 firmware/1.21
- canonical/moxa nport 6610-16
- canonical/moxa nport 6610-32-48v firmware
- version/moxa nport 6610-32-48v firmware/1.21
- canonical/moxa nport 6610-32-48v
- canonical/moxa nport 6610-32 firmware
- version/moxa nport 6610-32 firmware/1.21
- canonical/moxa nport 6610-32
- canonical/moxa nport 6610-8-48v firmware
- version/moxa nport 6610-8-48v firmware/1.21
- canonical/moxa nport 6610-8-48v
- canonical/moxa nport 6610-8 firmware
- version/moxa nport 6610-8 firmware/1.21
- canonical/moxa nport 6610-8
- canonical/moxa nport 6650-16-48v firmware
- version/moxa nport 6650-16-48v firmware/1.21
- canonical/moxa nport 6650-16-48v
- canonical/moxa nport 6650-16-hv-t firmware
- version/moxa nport 6650-16-hv-t firmware/1.21
- canonical/moxa nport 6650-16-hv-t
- canonical/moxa nport 6650-16-t firmware
- version/moxa nport 6650-16-t firmware/1.21
- canonical/moxa nport 6650-16-t
- canonical/moxa nport 6650-16 firmware
- version/moxa nport 6650-16 firmware/1.21
- canonical/moxa nport 6650-16
- canonical/moxa nport 6650-32-48v firmware
- version/moxa nport 6650-32-48v firmware/1.21
- canonical/moxa nport 6650-32-48v
- canonical/moxa nport 6650-32-hv-t firmware
- version/moxa nport 6650-32-hv-t firmware/1.21
- canonical/moxa nport 6650-32-hv-t
- canonical/moxa nport 6650-32 firmware
- version/moxa nport 6650-32 firmware/1.21
- canonical/moxa nport 6650-32
- canonical/moxa nport 6650-8-48v firmware
- version/moxa nport 6650-8-48v firmware/1.21
- canonical/moxa nport 6650-8-48v
- canonical/moxa nport 6650-8-hv-t firmware
- version/moxa nport 6650-8-hv-t firmware/1.21
- canonical/moxa nport 6650-8-hv-t
- canonical/moxa nport 6650-8-t firmware
- version/moxa nport 6650-8-t firmware/1.21
- canonical/moxa nport 6650-8-t
- canonical/moxa nport 6650-8 firmware
- version/moxa nport 6650-8 firmware/1.21
- canonical/moxa nport 6650-8