Product support

Security Advisories

SUMMARY

MB3170/MB3180/MB3270/MB3280/MB3480/MB3660 Series Protocol Gateways Vulnerabilities

  • Version: V1.0
  • Release Date: Sep 25, 2019

Multiple product vulnerabilities were identified in Moxa’s MB3170/MB3180/MB3270/MB3280/MB3480/MB3660 Series Protocol Gateways. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item Vulnerability Type Impact
1 Stack-based buffer overflow (CWE-121) There were two separate issues that affected the buffer overflow in the built-in web server that allowed remote attackers to initiate a DoS attack and execute arbitrary code.
2 Integer overflow leads to a buffer overflow (CWE-680) Integer overflow causes unexpected memory allocation that can lead to a buffer overflow.
3 Bypass the CSRF protection mechanism by using a token (CWE-352) A predictable mechanism of generating tokens allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism.
4 Use of a broken or risky cryptographic algorithm (CWE-327)    Sensitive information may be revealed by using a weak cryptographic algorithm with predictable variables.
5 Information exposure (CWE-200) An attacker can access sensitive information and usernames via the built-in web-service without proper authorization.
6 User credentials are sent in cleartext (CWE-310) Sensitive information is transmitted over some web applications in clear text.
7 Weak password requirements (CWE-521) Weak password requirements may allow an attacker to gain access by using brute force.
8 Cleartext storage of sensitive information (CWE-312) Sensitive information is stored in configuration files using clear text, which allows attackers to use an administrative account.
9 Denial-of-service attack (CWE-400, CWE-941) The web service will become temporarily unavailable due to the fact that the attacker overloads the system and causes the service to crash.
AFFECTED PRODUCTS AND SOLUTIONS

Affected Products:

The affected products and firmware versions are shown below.

Poduct Series Affected Versions
MB3170 Series Firmware Version 4.0 or lower
MB3270 Series Firmware Version 4.0 or lower
MB3180 Series Firmware Version 2.0 or lower
MB3280 Series Firmware Version 3.0 or lower
MB3480 Series Firmware Version 3.0 or lower
MB3660 Series Firmware Version 2.2 or lower

 

Solutions:

Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.

Poduct Series Solutions
MB3170 Series Please download the new firmware/software here.
MB3270 Series Please download the new firmware/software here.
MB3180 Series Please download the new firmware/software here.

For vulnerabilities 5 and 7, Moxa recommends our customers follow below instructions to mitigate potential risks:
  1. Upgrade to the latest firmware and disable HTTP and Telnet communications.
  2. Use Moxa utilities (MGate Manager, NPort Administration Suite Utility) to change device configurations or monitor the device status remotely.
  3. Use a VPN tunnel for a secure and protected connection between the devices and host PC.
MB3280 Series Please download the new firmware/software here.
MB3480 Series Please download the new firmware/software here.
MB3660 Series Please download the new firmware/software here.

 

Acknowledgment:

We would like to express our appreciation to Ilya Karpov and Evgeniy Druzhinin from Rostelecom-Solar, and Maxim Kozhevnikov from Positive Technologies for reporting the vulnerabilities, working with us to help enhance the security of our products, and helping us provide a better service to our customers.

 

Revision History:

VERSION DESCRIPTION RELEASE DATE
1.0 First Release Sep 25, 2019

Relevant Products

MGate MB3170/MB3270 Series · MGate MB3180/MB3280/MB3480 Series · MGate MB3660 Series ·

  •   Print this page
  • You can manage and share your saved list in My Moxa
Let’s get that fixed

If you are concerned about a potential cybersecurity vulnerability, please contact us and one of technical support staff will get in touch with you.

Report a Vulnerability
Added To Bag