Multiple vulnerabilities in Moxa OnCell



Risk: High
Patch available: YES
Number of vulnerabilities: 3
CVE-ID: CVE-2017-7915, CVE-2017-7913, CVE-2017-7917
CWE-ID: CWE-307, CWE-256, CWE-352
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: OnCell (Hardware solutions / Routers & switches, VoIP, GSM, etc.)
Vendor: Moxa

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Authentication bypass

EUVDB-ID: #VU6677

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-7915

CWE-ID: CWE-307 - Improper Restriction of Excessive Authentication Attempts

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a brute-force attack.

The vulnerability exists due to improper restriction of excessive authentication attempts. A remote attacker can perform a brute-force attack to determine parameters for authentication bypass.

Successful exploitation of the vulnerability may allow an attacker to gain unauthorized access to the vulnerable system.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

OnCell: G3110-HSDPA 1.2 build 09123015 - 5104-HSPA

External links

https://ics-cert.us-cert.gov/advisories/ICSA-17-143-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Information disclosure

EUVDB-ID: #VU6678

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-7913

CWE-ID: CWE-256 - Unprotected Storage of Credentials

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to the storage of passwords in plaintext. A local attacker can gain access to the files that store passwords in clear text and obtain credentials.

Successful exploitation of the vulnerability may result in information disclosure.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

OnCell: G3110-HSDPA 1.2 build 09123015 - 5104-HSPA

External links

https://ics-cert.us-cert.gov/advisories/ICSA-17-143-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Cross-site request forgery

EUVDB-ID: #VU6679

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-7917

CWE-ID: CWE-352 - Cross-Site Request Forgery (CSRF)

Exploit availability: No

Description

The vulnerability allows a remote user to perform a CSRF attack.

The weakness exists due to insufficient checking of the sent requests. A remote attacker can trick the victim into loading specially crafted HTML, gain access to the affected system and modify the configuration on the target device.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

OnCell: G3110-HSDPA 1.2 build 09123015 - 5104-HSPA

External links

https://ics-cert.us-cert.gov/advisories/ICSA-17-143-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


