Moxa has new firmware to mitigate a resource exhaustion vulnerability in its NPort 5210, 5230, and 5232 products, according to a report with NCCIC.
Successful exploitation of this vulnerability, discovered by Mikael Vingaard, could allow a remote attacker to send TCP SYN packets, causing a resource exhaustion condition that would make the device unavailable.
The NPort 5210, 5230, and 5232 serial network interfaces, Versions 2.9 build 17030709 and prior, suffer from the remotely exploitable vulnerability.
In the vulnerability, the amount of resources a malicious actor can request is not restricted, allowing for a denial-of-service condition.
CVE-2018-10632 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.
The products see use mainly in the critical manufacturing, energy, and transportation systems sectors. They also see action on a global basis.
No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.
Taiwan-based Moxa recommends users upgrade to the latest firmware version.