SB2022061001 - Multiple vulnerabilities in Moxa NPort 5110 Series

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Out-of-bounds write (CVE-ID: CVE-2022-2043)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger out-of-bounds write and overwrite certain values in the memory to cause information to become unavailable.

2) Out-of-bounds write (CVE-ID: CVE-2022-2044)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger out-of-bounds write and cause a denial of service condition on the target system.

Remediation

Install update from vendor's website.

References

• https://www.moxa.com/en/support/product-support/security-advisory/nport5110-series-vulnerabilities
• https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-04