Moxa NPort Serial-to-Ethernet Server Multiple Vulnerabilities

critical Nessus Plugin ID 91284

Synopsis

The remote Moxa NPort Serial-to-Ethernet server model is affected by multiple vulnerabilities.

Description

According to its telnet banner, the Moxa NPort Serial-to-Ethernet server model is affected by multiple vulnerabilities :

- An information disclosure vulnerability exists that allows an unauthenticated attacker to disclose sensitive account information.

- A remote code execution vulnerability exists due to a failure to authenticate firmware updates.

- An unspecified buffer overflow condition exists that allows an attacker to execute arbitrary code.

- An unspecified cross-site scripting (XSS) vulnerability exists that allows a remote attacker to execute arbitrary code in the user's browser session.

- An unspecified cross-site request forgery vulnerability (XSRF) exists that allows a remote attacker to trick a user into making an unintentional request.

Solution

There is currently no known workaround or solution. Moxa will release fixes for all devices in late August 2016, except for model version 6110, which is discontinued.

See Also

https://ics-cert.us-cert.gov/alerts/ICS-ALERT-16-099-01

Plugin Details

Severity: Critical

ID: 91284

File Name: scada_moxa_nport_ics-alert-16-099-01.nbin

Version: 1.44

Type: remote

Family: SCADA

Published: 5/20/2016

Updated: 7/19/2022

Configuration: Enable paranoid mode

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: SCADA/Device/Moxa/NPort/model, SCADA/Device/Moxa/NPort/sn, SCADA/Device/Moxa/NPort/fw, Settings/ParanoidReport

Vulnerability Publication Date: 4/8/2016