Moxa created new firmware to mitigate injection, information exposure and resource exhaustion vulnerabilities in its NPort 5110, 5130 and 5150 devices, according to a report from ICS-CERT.
Successfully leveraging these remotely exploitable vulnerabilities, discovered by Florian Adamsky who also tested the new firmware, could allow for remote code execution on the device.
The following versions of NPort, a serial network interface, are affected:
• NPort 5110 Version 2.2
• NPort 5110 Version 2.4
• NPort 5110 Version 2.6
• NPort 5110 Version 2.7
• NPort 5130 Version 3.7 and prior
• NPort 5150 Version 3.7 and prior
No known public exploits specifically target these vulnerabilities. However, an attacker with a low skill level could leverage the vulnerabilities.
In one vulnerability, an attacker may be able to inject packets that could potentially disrupt the availability of the device.
CVE-2017-16719 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.
In addition, an attacker may be able to exploit a flaw in the handling of Ethernet frame padding that may allow for information exposure.
CVE-2017-16715 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.6.
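One way to check captured traffic for the padding exposure described above, as an added example that is not from Moxa, ICS-CERT or the original report. It assumes the exposure appears as non-zero bytes in the padding that follows a short IPv4 datagram, a detail the report does not give; the frames are constructed samples and the function names are hypothetical.

```python
import struct

ETH_HDR = 14            # dst MAC + src MAC + EtherType
ETH_MIN = 60            # minimum Ethernet frame size, excluding the 4-byte FCS
ETHERTYPE_IPV4 = 0x0800


def frame_padding(frame: bytes) -> bytes:
    """Return the bytes that follow the IPv4 datagram inside an Ethernet frame."""
    if len(frame) < ETH_HDR + 20:
        raise ValueError("frame too short for Ethernet + IPv4 headers")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("only untagged IPv4 frames are handled")
    ihl = (frame[ETH_HDR] & 0x0F) * 4
    (total_len,) = struct.unpack_from("!H", frame, ETH_HDR + 2)
    if ihl < 20 or total_len < ihl or ETH_HDR + total_len > len(frame):
        raise ValueError("inconsistent IPv4 length fields")
    # Everything past the datagram's declared length is link-layer padding.
    return frame[ETH_HDR + total_len:]


def padding_leaks(frame: bytes) -> bool:
    """True when the padding carries anything other than zero bytes."""
    return any(frame_padding(frame))


def build_frame(payload: bytes, filler: bytes) -> bytes:
    """Constructed sample: short IPv4 frame padded to ETH_MIN with `filler`."""
    eth = bytes(6) + bytes(6) + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                     64, 1, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    body = eth + ip + payload
    need = max(0, ETH_MIN - len(body))
    return body + (filler * need)[:need]


if __name__ == "__main__":
    # Constructed frames: one zero-padded, one padded with stale buffer data.
    for label, filler in (("zero-padded", b"\x00"), ("stale data", b"secret")):
        frame = build_frame(b"ping" * 2, filler)
        print(label, "->", "LEAK" if padding_leaks(frame) else "clean",
              frame_padding(frame).hex())
```

Run it against frames exported from a capture taken before and after the firmware update to confirm that the padding from the device is zeroed.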
Also, an attacker may be able to exhaust memory resources by sending a large number of TCP SYN packets.
CVE-2017-14028 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.
The products are used mainly in the critical manufacturing, energy, and transportation systems sectors, and they are deployed worldwide.