Moxa Fixes OnCell G3100-HSPA Series

Thursday, March 1, 2018 @ 03:03 PM gHale

Moxa released new firmware that fixes multiple vulnerabilities in its OnCell G3100-HSPA Series, according to a report with ICS-CERT.

The vulnerabilities are a reliance on cookies without validation and integrity checking, improper handling of length parameter inconsistency and a NULL pointer dereference.

RELATED STORIES
Siemens Fixing SIMATIC, SIMOTION, SINUMERIK
Philips Fixing ISP Vulnerabilities
Medtronic 2090 Carelink Programmer Vulnerabilities
Delta Electronics Mitigates WPLSoft Holes

A high-speed industrial-grade IP gateway, OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior suffer from the remotely exploitable vulnerabilities, discovered by Kirill Nesterov, Eugenie Potseluevskaya, and Radu Motspan of Kaspersky Labs.

Successful exploitation of these vulnerabilities may allow an attacker to remotely execute code on the device.

No known public exploits specifically target these vulnerabilities. However, an attacker with low skill level could leverage the vulnerabilities.

In one vulnerability, the application allows a cookie parameter to consist of only digits, allowing an attacker to perform a brute force attack bypassing authentication and gaining access to device functions.

CVE-2018-5455 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.8.

In addition, an attacker may be able to edit the element of an HTTP request, causing the device to become unavailable.

CVE-2018-5453 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

Also, the application does not check for a NULL value, allowing for an attacker to perform a denial of service attack.

CVE-2018-5449 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 6.5.

The product sees use mainly in the commercial facilities, critical manufacturing and transportation systems sectors. It also sees action on a global basis.

Moxa released new firmware for OnCell G3100-HSPA that is now available.



Leave a Reply

You must be logged in to post a comment.