SUMMARY

NPort 5000 Series Firmware Improper Validation of Integrity Check Vulnerability

All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. This vulnerability results from insufficient checks on firmware updates or upgrades, potentially allowing malicious users to manipulate the firmware and gain control of devices. 
 

The identified vulnerability type and potential impact are shown below: 

| Item | Vulnerability Type | Impact |
|---|---|---|
| 1 | Improper Validation of Integrity Check Value (CWE-354), CVE-2023-4929 | This vulnerability could allow an unauthorized attacker to gain control of a device. |

 

Vulnerability Scoring Details

| ID | CVSS V3.1 | VECTOR | REMOTE EXPLOIT WITHOUT AUTH? |
|---|---|---|---|
| CVE-2023-4929 | 6.5 | AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H | No |

AFFECTED PRODUCTS AND SOLUTIONS

Affected Products:

The affected products and firmware versions are shown below. 

| Product Series | Affected Versions |
|---|---|
| NPort 5000AI-M12 Series | All firmware versions. |
| NPort 5100 Series (NPort 5130/5150 models) | All firmware versions. |
| NPort 5100 Series (NPort 5110 models) | All firmware versions. |
| NPort 5100A Series | All firmware versions. |
| NPort 5200 Series | All firmware versions. |
| NPort 5200A Series | All firmware versions. |
| NPort 5410/5430 (Rev. 3.2 and later) and NPort 5450 (all Rev.) | All firmware versions. |
| NPort 5410/5430 (Rev 2.x and prior) | All firmware versions. |
| NPort 5600 Series | All firmware versions. |
| NPort 5600-DT Series | All firmware versions. |
| NPort IA5000 Series (hardware version 2.0 and later) | All firmware versions. |
| NPort IA5000 Series (hardware version 1.x) | All firmware versions. |
| NPort IA5000A Series (NPort IA5450A Series) | All firmware versions. |
| NPort IA5000A Series (NPort IA5150A/IA5250A Series) | All firmware versions. |
| NPort IA5000A-I/O Series | All firmware versions. |
| NPort IAW5000A-I/O Series | All firmware versions. |
| NPort P5150A Series | All firmware versions. |

 

Mitigation:

Due to design restrictions, we could not fix this vulnerability in the NPort 5000 Series. We suggest users follow the instructions in the hardening guide to mitigate this vulnerability. Additionally, refer to the following mitigation measures to deploy the product in an appropriate product security context.

Moxa recommends users follow these CISA recommendations. Users should:

  1. Reduce network exposure by ensuring that all control system devices and systems are not accessible from the Internet.

  2. Place control system networks and remote devices behind firewalls, isolating them from business networks.

  3. When remote access is necessary, employ secure methods such as Virtual Private Networks (VPNs). It is important to note that VPNs may have vulnerabilities and should be kept up to date with the latest available version. Remember that the security of a VPN depends on the security of its connected devices.

 

Acknowledgment:

We would like to express our appreciation to NETEL (Network Equipment Test and Security Evaluation Laboratory), Sharif University of Technology, Iran, for reporting the vulnerability, working with us to help enhance the security of our products, and helping us provide a better service to our customers. 

 

Revision History:

| VERSION | DESCRIPTION | RELEASE DATE |
|---|---|---|
| 1.0 | First Release | Oct 3, 2023 |
| 1.1 | Update affected versions to "All firmware versions." in Affected Products section | Oct 20, 2023 |

Relevant Products

NPort 5000AI-M12 Series · NPort 5100 Series · NPort 5100A Series · NPort 5200 Series · NPort 5200A Series · NPort 5400 Series · NPort 5600 Series · NPort 5600-DT Series · NPort IA5000 Series · NPort IA5000A Series · NPort IA5000A-I/O Series · NPort IAW5000A-I/O Series · NPort P5150A Series
