Moxa Clears NPort Issue

Tuesday, December 26, 2017 @ 11:12 AM gHale


Moxa created new firmware to mitigate a credentials management issue in its NPort W2150A and W2250A products, according to a report with ICS-CERT.

Successful exploitation of this vulnerability, discovered by Federico Maggi, could allow unauthorized access.

RELATED STORIES
Schneider Clears Pelco Vulnerabilities
ABB Mitigates Ellipse Hole
Fix is in for Siemens LOGO! Soft Comfort
New Software Clears Ecava Issue

The following versions of NPort, a serial network interface, suffer from the remotely exploitable vulnerability:
• NPort W2150A Versions prior to 1.11
• NPort W2250A Versions prior to 1.11

No known public exploits specifically target this vulnerability. However, an attacker with low skill level could exploit the vulnerability.

The default password is empty on the device. An unauthorized user can access the device without a password. An unauthorized user has the ability to completely compromise the confidentiality and integrity of the wireless traffic.

CVE-2017-16727 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 6.5.

The product sees action in the critical manufacturing, energy, and transportation systems sectors. It also sees use on a global basis.

Taiwan-based Moxa produced new firmware Version 2.1 for the affected devices.



Leave a Reply

You must be logged in to post a comment.