Moxa Releases New NPort Firmware

Thursday, November 16, 2017 @ 02:11 PM gHale


Moxa created new firmware to mitigate injection, information exposure and resource exhaustion vulnerabilities in its NPort 5110, 5130, 5150, according to a report with ICS-CERT.

Successfully leveraging these remotely exploitable vulnerabilities, discovered by Florian Adamsky who also tested the new firmware, could allow for remote code execution on the device.

RELATED STORIES
Siemens’ Mitigation Plan for KRACK Holes
ABB Working on Fix for TropOS
Philips Clears Hole in Medical Systems
AutomationDirect Mitigates Software Glitch

The following versions of NPort, a serial network interface, are affected:
• NPort 5110 Version 2.2
• NPort 5110 Version 2.4
• NPort 5110 Version 2.6
• NPort 5110 Version 2.7
• NPort 5130 Version 3.7 and prior
• NPort 5150 Version 3.7 and prior

No known public exploits specifically target these vulnerabilities. However, an attacker with low skill level could leverage the vulnerabilities.

In one vulnerability, an attacker may be able to inject packets that could potentially disrupt the availability of the device.

CVE-2017-16719 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

In addition, an attacker may be able to exploit a flaw in the handling of Ethernet frame padding that may allow for information exposure.

CVE-2017-16715 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.6.

Also, an attacker may be able to exhaust memory resources by sending a large amount of TCP SYN packets.

CVE-2017-14028 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

The products see use mainly in the critical manufacturing, energy, and transportation systems sectors. They also see action on a global basis.

Moxa has produced new firmware for the affected devices:
NPort 5110 
NPort 5130 and NPort 5150 



Leave a Reply

You must be logged in to post a comment.