CVE-2022-2043 - Vulnerability Details - OpenCVE

MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that can cause the device to become unresponsive.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00368.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Moxa Subscribe	Nport 5110 Subscribe Nport 5110 Firmware Subscribe

Configuration 1 [-]

AND

cpe:2.3:o:moxa:nport_5110_firmware:2.10:*:*:*:*:*:*:*

cpe:2.3:h:moxa:nport_5110:-:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-34346	MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that can cause the device to become unresponsive.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-04

History

Wed, 16 Apr 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2022-08-31T15:59:34.678Z

Updated: 2025-04-16T16:10:58.933Z

Reserved: 2022-06-09T00:00:00.000Z

Link: CVE-2022-2043

Vulnrichment

Updated: 2024-08-03T00:24:44.109Z

NVD

Status : Modified

Published: 2022-08-31T16:15:10.647

Modified: 2024-11-21T07:00:13.480

Link: CVE-2022-2043

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-787

{"containers": {"cna": {"affected": [{"product": "MOXA", "vendor": "MOXA", "versions": [{"status": "affected", "version": "Firmware Versions 2.10"}]}], "datePublic": "2022-07-26T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that can cause the device to become unresponsive."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-31T15:59:34.000Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-04"}], "source": {"advisory": "ICSA-22-207-04", "discovery": "EXTERNAL"}, "title": "MOXA NPort 5110 Out-of-bounds Write", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2022-07-26T14:06:00.000Z", "ID": "CVE-2022-2043", "STATE": "PUBLIC", "TITLE": "MOXA NPort 5110 Out-of-bounds Write"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "MOXA", "version": {"version_data": [{"version_affected": "=", "version_value": "Firmware Versions 2.10"}]}}]}, "vendor_name": "MOXA"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that can cause the device to become unresponsive."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-787 Out-of-bounds Write"}]}]}, "references": {"reference_data": [{"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-04", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-04"}]}, "source": {"advisory": "ICSA-22-207-04", "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:24:44.109Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-04"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-16T15:54:28.451970Z", "id": "CVE-2022-2043", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-16T16:10:58.933Z"}}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2022-2043", "datePublished": "2022-08-31T15:59:34.678Z", "dateReserved": "2022-06-09T00:00:00.000Z", "dateUpdated": "2025-04-16T16:10:58.933Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-04", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:24:44.109Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-2043", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-16T15:54:28.451970Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-16T15:54:29.975Z"}}], "cna": {"title": "MOXA NPort 5110 Out-of-bounds Write", "source": {"advisory": "ICSA-22-207-04", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "MOXA", "product": "MOXA", "versions": [{"status": "affected", "version": "Firmware Versions 2.10"}]}], "datePublic": "2022-07-26T00:00:00.000Z", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-04", "tags": ["x_refsource_MISC"]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "descriptions": [{"lang": "en", "value": "MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that can cause the device to become unresponsive."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2022-08-31T15:59:34.000Z"}, "x_legacyV4Record": {"impact": {"cvss": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, "source": {"advisory": "ICSA-22-207-04", "discovery": "EXTERNAL"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "Firmware Versions 2.10", "version_affected": "="}]}, "product_name": "MOXA"}]}, "vendor_name": "MOXA"}]}}, "data_type": "CVE", "generator": {"engine": "Vulnogram 0.0.9"}, "references": {"reference_data": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-04", "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-04", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that can cause the device to become unresponsive."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-787 Out-of-bounds Write"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-2043", "STATE": "PUBLIC", "TITLE": "MOXA NPort 5110 Out-of-bounds Write", "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2022-07-26T14:06:00.000Z"}}}}, "cveMetadata": {"cveId": "CVE-2022-2043", "state": "PUBLISHED", "dateUpdated": "2025-04-16T16:10:58.933Z", "dateReserved": "2022-06-09T00:00:00.000Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2022-08-31T15:59:34.678Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:nport_5110_firmware:2.10:*:*:*:*:*:*:*", "matchCriteriaId": "13E91A69-BD97-4353-8939-9ED34DD9A149", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:nport_5110:-:*:*:*:*:*:*:*", "matchCriteriaId": "B9D28B00-C0BD-4B70-B871-9D18F37DCBE9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that can cause the device to become unresponsive."}, {"lang": "es", "value": "MOXA NPort 5110: Versiones de Firmware 2.10, son vulnerables a una escritura fuera de l\u00edmites que puede causar que el dispositivo deje de responder"}], "id": "CVE-2022-2043", "lastModified": "2024-11-21T07:00:13.480", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-31T16:15:10.647", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-04"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-04"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}