SB2019092521 - Multiple vulnerabilities in Moxa MB3xxx Series Protocol Gateways

Description

This security bulletin contains information about 10 secuirty vulnerabilities.

1) Stack-based buffer overflow (CVE-ID: CVE-2019-9099)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the built-in web server. A remote unauthenticated attacker can trigger stack-based buffer overflow, perform a denial of service (DoS) attack and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

2) Integer overflow (CVE-ID: CVE-2019-9098)

The vulnerability allows a remote attacker to cause a buffer overflow.

The vulnerability exists due to integer overflow. A remote attacker can trigger integer overflow that causes less memory to be allocated than expected, leading to a buffer overflow

3) Cross-site request forgery (CVE-ID: CVE-2019-9102)

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin in a predictable mechanism of generating tokens. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.

4) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2019-9095)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the affected products use a weak cryptographic algorithm with predictable variables. A remote attacker can gain unauthorized access to sensitive information on the system.

5) Information disclosure (CVE-ID: CVE-2019-9103)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to improper access restrictions in the built-in web service. A remote attacker can gain unauthorized access to sensitive information and usernames on the system.

6) Cleartext transmission of sensitive information (CVE-ID: CVE-2019-9101)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to software uses insecure communication channel to transmit sensitive information. A remote attacker with ability to intercept network traffic can gain access to sensitive data.

7) Weak password requirements (CVE-ID: CVE-2019-9096)

The vulnerability allows an attacker to perform brute-force attack and guess the password.

The vulnerability exists due to weak password requirements. An attacker can perform a brute-force attack and guess users' passwords.

8) Cleartext storage of sensitive information (CVE-ID: CVE-2019-9104)

9) Incorrectly Specified Destination in a Communication Channel (CVE-ID: CVE-2019-9097)

10) Improper Authentication (CVE-ID: N/A)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in authentication process. A remote attacker can bypass authentication by logging in with empty username/password and execute arbitrary actions with administrator privileges on an affected system.

Remediation

Install update from vendor's website.

References

• https://ics-cert.us-cert.gov/advisories/icsa-20-056-01
• https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities
• https://www.moxa.com/en/support/support/security-advisory/mgate-mb3180-3280-3480-3170-3270-vulnerability