Moxa NPort Serial-to-Ethernet Server Multiple Vulnerabilities

Critical Nessus Plugin ID 91284

Synopsis

The remote Moxa NPort Serial-to-Ethernet server model is affected by multiple vulnerabilities.

Description

According to its telnet banner, the Moxa NPort Serial-to-Ethernet server model is affected by multiple vulnerabilities :

- An information disclosure vulnerability exists that allows an unauthenticated attacker to disclose sensitive account information.

- A remote code execution vulnerability exists due to a failure to authenticate firmware updates.

- An unspecified buffer overflow condition exists that allows an attacker to execute arbitrary code.

- An unspecified cross-site scripting (XSS) vulnerability exists that allows a remote attacker to execute arbitrary code in the user's browser session.

- An unspecified cross-site request forgery vulnerability (XSRF) exists that allows a remote attacker to trick a user into making an unintentional request.

Solution

There is currently no known workaround or solution. Moxa will release fixes for all devices in late August 2016, except for model version 6110, which is discontinued.

See Also

https://ics-cert.us-cert.gov/alerts/ICS-ALERT-16-099-01

Plugin Details

Severity: Critical

ID: 91284

File Name: scada_moxa_nport_ics-alert-16-099-01.nbin

Version: 1.23

Type: remote

Family: SCADA

Published: 2016/05/20

Modified: 2018/11/06

Dependencies: 91283

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: SCADA/Device/Moxa/NPort/model, SCADA/Device/Moxa/NPort/sn, SCADA/Device/Moxa/NPort/fw, Settings/ParanoidReport

Vulnerability Publication Date: 2016/04/08