SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-831874895] Moxa NPort Device Vulnerabilities

Date | Type | Platform | Author | EDB-ID | CVE-ID | OSVDB-ID | Download App | SIS Signature
2016-12-01 | Other | Moxa | Reid Wightman, Mikael Vingaard, Maxim Rupp | N/A | CVE-2016-9361 CVE-2016-9369 CVE-2016-9363 CVE-2016-9371 CVE-2016 | N/A | N/A | N/A

Source

						
							
								
#
# Moxa NPort Device Vulnerabilities
#


### OVERVIEW

This advisory is a follow-up to the alert titled ICS-ALERT-16-099-01B Moxa NPort Device Vulnerabilities that was published April 8, 2016, on the NCCIC/ICS-CERT web site.
Security researchers Reid Wightman of RevICS Security, Mikael Vingaard, and Maxim Rupp have identified vulnerabilities in Moxa's NPort serial device servers. Moxa has produced new firmware versions to mitigate these vulnerabilities.
These vulnerabilities could be exploited remotely.



### AFFECTED PRODUCTS

Moxa reports that the vulnerabilities affect the following versions of NPort:
NPort 5110 versions prior to 2.6,
NPort 5130/5150 Series versions prior to 3.6,
NPort 5200 Series versions prior to 2.8,
NPort 5400 Series versions prior to 3.11,
NPort 5600 Series versions prior to 3.7,
NPort 5100A Series & NPort P5150A versions prior to 1.3,
NPort 5200A Series versions prior to 1.3,
NPort 5150AI-M12 Series versions prior to 1.2,
NPort 5250AI-M12 Series versions prior to 1.2,
NPort 5450AI-M12 Series versions prior to 1.2,
NPort 5600-8-DT Series versions prior to 2.4,
NPort 5600-8-DTL Series versions prior to 2.4,
NPort 6x50 Series versions prior to 1.13.11,
NPort IA5450A versions prior to v1.4



### IMPACT

Successful exploitation of these vulnerabilities could lead to the complete compromise of an affected system.
Impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation.



### BACKGROUND

Moxa is a Taiwan-based company that maintains offices in several countries around the world, including the US, UK, India, Germany, France, China, Russia, and Brazil.
The affected products, NPort devices, connect serial devices to Ethernet networks. According to Moxa, NPort devices are deployed across several sectors including Critical Manufacturing, Energy, and Transportation Systems. Moxa estimates that these products are used worldwide.



### VULNERABILITY CHARACTERIZATION

# VULNERABILITY OVERVIEW

CREDENTIALS MANAGEMENT
Administration passwords can be retried without authenticating.
CVE-2016-9361 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

PERMISSIONS, PRIVILEGES, AND ACCESS CONTROLS
Firmware can be updated over the network without authentication, which may allow remote code execution.
CVE-2016-9369 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CLASSIC BUFFER OVERFLOW
Buffer overflow vulnerability may allow an unauthenticated attacker to remotely execute arbitrary code.
CVE-2016-9363 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).

CROSS-SITE SCRIPTING
User-controlled input is not neutralized before being output to web page.
CVE-2016-9371 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).

CROSS-SITE REQUEST FORGERY
Requests are not verified to be intentionally submitted by the proper user.
CVE-2016-9365 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

IMPROPER RESTRICTION OF EXCESSIVE AUTHENTICATION ATTEMPTS
An attacker can freely use brute force to determine parameters needed to bypass authentication.
CVE-2016-9366 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

PLAIN TEXT STORAGE OF A PASSWORD
A configuration file contains parameters that represent passwords in plaintext.
CVE-2016-9348 has been assigned to this vulnerability. A CVSS v3 base score of 3.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

RESOURCE EXHAUSTION
The amount of resources requested by a malicious actor is not restricted, leading to a denial-of-service caused by resource exhaustion.
CVE-2016-9367 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).




### VULNERABILITY DETAILS

# EXPLOITABILITY

These vulnerabilities could be exploited remotely.



# EXISTENCE OF EXPLOIT

No known public exploits specifically target these vulnerabilities.



# DIFFICULTY

An attacker with low skill would be able to exploit these vulnerabilities.



### MITIGATION

Moxa has released new firmware versions, which address the identified vulnerabilities in all but one of the affected NPort devices.
Moxa recommends installing the new firmware version.
NPort 5110 Version 2.6:
http://www.moxa.com/support/download.aspx?type=support&id=882


NPort 5130/5150 Series Version 3.6:
http://www.moxa.com/support/download.aspx?type=support&id=356


NPort 5200 Series Version 2.8:
http://www.moxa.com/support/download.aspx?type=support&id=904


NPort 5400 Series Version 3.11:
http://www.moxa.com/support/download.aspx?type=support&id=925


NPort 5600 Series Version 3.7:
http://www.moxa.com/support/download.aspx?type=support&id=905


NPort 5100A Series & NPort P5150A Version 1.3:
http://www.moxa.com/support/download.aspx?type=support&id=1403


NPort 5200A Series Version 1.3:
http://www.moxa.com/support/download.aspx?type=support&id=1462


NPort 5150AI-M12 Series Version 1.2:
http://www.moxa.com/support/download.aspx?type=support&id=2206


NPort 5250AI-M12 Series Version 1.2:
http://www.moxa.com/support/download.aspx?type=support&id=2207


NPort 5450AI-M12 Series Version 1.2:
http://www.moxa.com/support/download.aspx?type=support&id=2208


NPort 5600-8-DT Series Version 2.4:
http://www.moxa.com/support/download.aspx?type=support&id=938


NPort 5600-8-DTL Series Version 1.3:
http://www.moxa.com/support/download.aspx?type=support&id=1819


NPort 6x50 Series Version 1.14:
http://www.moxa.com/support/download.aspx?type=support&id=733


NPort IA5450A Version 1.4:
http://www.moxa.com/support/download.aspx?type=support&id=1469


Moxa has reported that the NPort 6110 device was discontinued in December 2008 and will not have patches released to address these vulnerabilities.
Moxa recommends that customers using the NPort 6110 upgrade the affected device.
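To apply the affected-version list to an asset inventory, the following added example (not part of the advisory or Moxa's tooling) classifies devices against the "versions prior to" thresholds from AFFECTED PRODUCTS and flags the unpatched NPort 6110. The series labels, function names and inventory records are assumptions made for illustration.

```python
import re

# "Versions prior to" thresholds as listed under AFFECTED PRODUCTS. The series
# labels used as keys are an assumption about how the inventory names devices.
AFFECTED_BEFORE = {
    "NPort 5110": "2.6", "NPort 5130/5150": "3.6",
    "NPort 5200": "2.8", "NPort 5400": "3.11",
    "NPort 5600": "3.7", "NPort 5100A/P5150A": "1.3",
    "NPort 5200A": "1.3", "NPort 5150AI-M12": "1.2",
    "NPort 5250AI-M12": "1.2", "NPort 5450AI-M12": "1.2",
    "NPort 5600-8-DT": "2.4", "NPort 5600-8-DTL": "2.4",
    "NPort 6x50": "1.13.11", "NPort IA5450A": "v1.4",
}
NO_PATCH = {"NPort 6110"}  # discontinued December 2008; no fix will be released


def parse_version(text):
    """'v1.13.11' -> (1, 13, 11); None when no dotted number is present."""
    m = re.match(r"\s*[vV]?(\d+(?:\.\d+)*)", text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def assess(series, firmware):
    """Return 'replace', 'vulnerable', 'ok' or 'unknown' for one device."""
    if series in NO_PATCH:
        return "replace"
    have = parse_version(firmware)
    if series not in AFFECTED_BEFORE or have is None:
        return "unknown"
    need = parse_version(AFFECTED_BEFORE[series])
    width = max(len(have), len(need))  # pad so 1.13 compares as 1.13.0
    pad = lambda v: v + (0,) * (width - len(v))
    # Tuples compare numerically: 3.9 < 3.11, which a string compare gets wrong.
    return "vulnerable" if pad(have) < pad(need) else "ok"


# Constructed sample inventory: (asset tag, series label, reported firmware).
INVENTORY = [
    ("substation-a", "NPort 5400", "3.9"), ("substation-b", "NPort 5400", "3.11"),
    ("pump-house", "NPort 6x50", "1.13"), ("legacy-rtu", "NPort 6110", "1.0"),
]


def report(inventory=INVENTORY):
    return {tag: assess(series, fw) for tag, series, fw in inventory}


if __name__ == "__main__":
    print(report())
```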