
Technical FAQs
Question: Moxa's Statement Regarding ICSA-18-060-02 on OnCell G3110-HSPA/G3150-HSPA Vulnerability
Question Type: Security Advisory
Updated: 3/13/2018 11:47:51 AM
Products: OnCell G3110-HSPA/OnCell G3150-HSPA

Background

On January 29th, 2018, Moxa was contacted by ICS-CERT regarding reported security vulnerabilities in the Moxa OnCell G3100-HSPA Series.
The ICS-CERT advisory can be seen here: https://ics-cert.us-cert.gov/advisories/ICSA-18-060-02

The reported vulnerabilities for these products are:

| Item | Vulnerability Type | Impact |
|------|--------------------|--------|
| 1 | RELIANCE ON COOKIES WITHOUT VALIDATION AND INTEGRITY CHECKING | The application allows a cookie parameter to consist of only digits, allowing an attacker to perform a brute force attack bypassing authentication and gaining access to device functions. |
| 2 | IMPROPER HANDLING OF LENGTH PARAMETER INCONSISTENCY | An attacker may be able to edit the element of an HTTP request, causing the device to become unavailable. |
| 3 | NULL POINTER DEREFERENCE | The application does not check for a NULL value, allowing for an attacker to perform a denial of service attack. |
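
The weakness class in item 1, shown from the defender's side as an added illustration (this is not Moxa's code and is not taken from the advisory): a session cookie built from a 128-bit random identifier plus an HMAC tag, validated server-side before any lookup. The key handling, the in-memory session table and the 8-digit sample value are assumptions made for the example; the advisory does not state the length of the affected cookie.

```python
import hashlib
import hmac
import math
import secrets

# Assumption: a per-device secret created at first boot (here, once per run).
SERVER_KEY = secrets.token_bytes(32)
SESSIONS = {}  # server-side state: session id -> user name


def keyspace_bits(alphabet_size: int, length: int) -> float:
    """Size, in bits, of the space of tokens with this alphabet and length."""
    return length * math.log2(alphabet_size)


def _tag(sid: str) -> str:
    """HMAC-SHA256 over the session id, keyed with the device secret."""
    return hmac.new(SERVER_KEY, sid.encode(), hashlib.sha256).hexdigest()


def issue_cookie(user: str) -> str:
    """Create a 128-bit random session id and bind it with an integrity tag."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = user
    return f"{sid}.{_tag(sid)}"


def validate_cookie(cookie):
    """Return the user for a well-formed, authentic, known cookie, else None."""
    if not isinstance(cookie, str) or cookie.count(".") != 1:
        return None  # malformed values (including bare digits) stop here
    sid, tag = cookie.split(".")
    # Constant-time comparison: altered or forged values fail before lookup.
    if not hmac.compare_digest(tag.encode(), _tag(sid).encode()):
        return None
    return SESSIONS.get(sid)


if __name__ == "__main__":
    good = issue_cookie("admin")
    print("issued cookie      ->", validate_cookie(good))
    print("digits-only value  ->", validate_cookie("12345678"))  # constructed
    print("8 decimal digits   = %.1f bits" % keyspace_bits(10, 8))
    print("32 hex characters  = %.1f bits" % keyspace_bits(16, 32))
```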

 

Affected Products and Solutions

  • OnCell G3110-HSPA with Firmware v1.4 Build 16062919 or prior
  • OnCell G3150-HSPA with Firmware v1.4 Build 16062919 or prior

Affected Product Fix
OnCell G3110-HSPA
OnCell G3150-HSPA

Moxa has addressed these vulnerabilities in a new firmware release for the OnCell G3100-HSPA & G3150-HSPA Series. You can download it from this link: https://www.moxa.com/support/download.aspx?type=support&id=13668


Revision History:

| Version | Description | Release Date |
|---------|-------------|--------------|
| 1.0 | First release | March 12, 2018 |

 
