SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-222070971] Moxa OnCell G3100-HSPA Series

Date Type Platform Author EDB-ID CVE-ID OSVDB-ID Download App SIS Signature
2018-03-01OtherMoxa Kirill Nesterov, Eugenie Potseluevskaya, and Radu Motspan of Kaspersky Labs reported the vulnerabilities to NCCIC.N/ACVE-2018-5455 CVE-2018-5453 CVE-2018-5449 N/AN/AN/A

Source

						
							
								
#
# Moxa OnCell G3100-HSPA Series
#


### VULNERABLE VENDOR
Moxa 


### VULNERABLE PRODUCT
OnCell G3100-HSPA Series 


### RESEARCHER
Kirill Nesterov, Eugenie Potseluevskaya, and Radu Motspan of Kaspersky Labs reported the vulnerabilities to NCCIC.


### AFFECTED PRODUCTS
The following versions of OnCell, a high-speed industrial-grade IP gateway, are affected:

OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior


### IMPACT
Successful exploitation of these vulnerabilities may allow an attacker to remotely execute code on the device.


### VULNERABILITY OVERVIEW
RELIANCE ON COOKIES WITHOUT VALIDATION AND INTEGRITY CHECKING CWE-565
The application allows a cookie parameter to consist of only digits, allowing an attacker to perform a brute force attack bypassing authentication and gaining access to device functions.
CVE-2018-5455 has been assigned to this vulnerability.
A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)


IMPROPER HANDLING OF LENGTH PARAMETER INCONSISTENCY CWE-130
An attacker may be able to edit the element of an HTTP request, causing the device to become unavailable.
CVE-2018-5453 has been assigned to this vulnerability.
A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)


NULL POINTER DEREFERENCE CWE-476
The application does not check for a NULL value, allowing for an attacker to perform a denial of service attack.
CVE-2018-5449 has been assigned to this vulnerability.
A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)





### BACKGROUND
Critical Infrastructure Sectors: Commercial Facilities, Critical Manufacturing, Transportation Systems
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Taiwan




### MITIGATION

Moxa has released new firmware for OnCell G3100-HSPA that is available via the following link:

https://www.moxa.com/support/download.aspx?type=support&id=13668