Multiple vulnerabilities in Moxa NPort IA5000A Series
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2020-27149 CVE-2020-27150 CVE-2020-27184 CVE-2020-27185 |
| CWE-ID | CWE-284 CWE-256 CWE-319 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
NPort IA5150A Series Hardware solutions / Routers & switches, VoIP, GSM, etc NPort IA5250A Series Hardware solutions / Routers & switches, VoIP, GSM, etc NPort IA5450A Series Hardware solutions / Routers & switches, VoIP, GSM, etc |
| Vendor | Moxa |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Improper access control
EUVDB-ID: #VU52686
Risk: High
CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-27149
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote attacker can bypass implemented security restrictions and gain elevated privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsNPort IA5150A Series: 1.4
NPort IA5250A Series : 1.4
NPort IA5450A Series: 1.7
External linkshttp://www.moxa.com/en/support/product-support/security-advisory/nport-ia5000a-serial-device-servers-vulnerabilities
http://ics-cert.kaspersky.com/advisories/klcert-advisories/2021/05/11/klcert-20-018
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Unprotected storage of credentials
EUVDB-ID: #VU52688
Risk: High
CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-27150
CWE-ID:
CWE-256 - Unprotected Storage of Credentials
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to other users' credentials.
The vulnerability exists due to unprotected storage of credentials. A remote attacker can extract authentication credentials from a configuration file sent over an insecure communication channel and change the device’s configurations.
MitigationInstall updates from vendor's website.
Vulnerable software versionsNPort IA5150A Series: 1.4
NPort IA5250A Series : 1.4
NPort IA5450A Series: 1.7
External linkshttp://www.moxa.com/en/support/product-support/security-advisory/nport-ia5000a-serial-device-servers-vulnerabilities
http://ics-cert.kaspersky.com/advisories/klcert-advisories/2021/05/11/klcert-20-019
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Cleartext transmission of sensitive information
EUVDB-ID: #VU52689
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-27184
CWE-ID:
CWE-319 - Cleartext Transmission of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to software uses insecure communication channel to transmit sensitive information. A remote attacker with ability to intercept network traffic can gain access to sensitive data.
MitigationInstall updates from vendor's website.
Vulnerable software versionsNPort IA5150A Series: 1.4
NPort IA5250A Series : 1.4
NPort IA5450A Series: 1.7
External linkshttp://www.moxa.com/en/support/product-support/security-advisory/nport-ia5000a-serial-device-servers-vulnerabilities
http://ics-cert.kaspersky.com/advisories/klcert-advisories/2021/05/11/klcert-20-020
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Cleartext transmission of sensitive information
EUVDB-ID: #VU52690
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-27185
CWE-ID:
CWE-319 - Cleartext Transmission of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to software uses insecure communication channel to transmit sensitive information. A remote attacker with ability to intercept network traffic can gain access to sensitive data.
MitigationInstall updates from vendor's website.
Vulnerable software versionsNPort IA5150A Series: 1.4
NPort IA5250A Series : 1.4
NPort IA5450A Series: 1.7
External linkshttp://www.moxa.com/en/support/product-support/security-advisory/nport-ia5000a-serial-device-servers-vulnerabilities
http://ics-cert.kaspersky.com/advisories/klcert-advisories/2021/05/11/klcert-20-021
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
