Man-in-the-Middle (MitM) attack in Moxa products - #VU60681
Published: February 17, 2022
Vulnerability identifier: #VU60681
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-300
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Moxa
Affected software:
Moxa MGate MB3170 Series
Moxa MGate MB3270 Series
Moxa MGate MB3280 Series
Moxa MGate MB3480 Series
Moxa MGate MB3170 Series
Moxa MGate MB3270 Series
Moxa MGate MB3280 Series
Moxa MGate MB3480 Series
Detailed vulnerability description
The vulnerability allows a remote attacker to perform a man-in-the-middle (MitM) attack.
The vulnerability exists due to the channel is accessible by non-endpoint. A remote attacker can perform perform a man-in-the-middle attack on the target system.
Remediation
Install updates from vendor's website.