SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-826847595] Moxa NPort W2150A and W2250A

| Date | Type | Platform | Author | EDB-ID | CVE-ID | OSVDB-ID | Download App | SIS Signature |
|---|---|---|---|---|---|---|---|---|
| 2017-12-21 | Other | Moxa | Federico Maggi reported the vulnerability to ICS-CERT. | N/A | CVE-2017-1672 | N/A | N/A | N/A |

Source

#
# Moxa NPort W2150A and W2250A
#


### VULNERABLE VENDOR
Moxa 


### VULNERABLE PRODUCT
NPort W2150A and W2250A 


### RESEARCHER
Federico Maggi reported the vulnerability to ICS-CERT.


### AFFECTED PRODUCTS
The following versions of NPort, a serial network interface, are affected:

NPort W2150A Versions prior to 1.11, and
NPort W2250A Versions prior to 1.11


### IMPACT
Successful exploitation of this vulnerability could allow unauthorized access.


### VULNERABILITY OVERVIEW
CREDENTIALS MANAGEMENT CWE-255
The default password is empty on the device.
An unauthorized user can access the device without a password.
An unauthorized user has the ability to completely compromise the confidentiality and integrity of the wireless traffic.
CVE-2017-16727 has been assigned to this vulnerability.
A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).





### BACKGROUND
Critical Infrastructure Sectors: Critical Manufacturing, Energy, and Transportation Systems
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Taiwan




### MITIGATION

Moxa has produced new firmware Version 2.1 for the affected devices that can be downloaded from:

https://www.moxa.com/support/download.aspx?type=support&id=14781