Headline
CVE-2023-4204: NPort IAW5000A-I/O Series Hardcoded Credential Vulnerability
NPort IAW5000A-I/O Series firmware version v2.2 and prior is affected by a hardcoded credential vulnerabilitywhich poses a potential risk to the security and integrity of the affected device. This vulnerability is attributed to the presence of a hardcoded key, which could potentially facilitate firmware manipulation.
As of June 15, 2022, this site no longer supports Internet Explorer. Please use another browser for the best experience on our site.
Please sign in
SUMMARY
NPort IAW5000A-I/O Series Hardcoded Credential Vulnerability
- Security Advisory ID: MPSA-230304
- Version: V1.0
- Release Date: Aug 16, 2023
- Reference:
- CVE-2023-4204 (cve.org)
CVE-2023-4204
A vulnerability has been identified in NPort IAW5000A-I/O Series firmware versions prior to v2.2, which poses a potential risk to the security and integrity of the affected device.
The identified vulnerability types and potential effects are shown below:
Item
Vulnerability Type
Impact
1
Use of hardcoded credentials
(CWE-798)
This vulnerability is attributed to the presence of a hardcoded key, which could potentially facilitate firmware manipulation.
AFFECTED PRODUCTS AND SOLUTIONS
Affected Products:
The affected products and firmware versions are shown below.
Product Series
Affected Versions
NPort IAW5000A-I/O Series
Firmware version 2.2 and prior
Solutions:
Moxa has developed appropriate solutions to address the vulnerability. The solutions for the affected products are shown below:
Product Series
Solutions
NPort IAW5000A-I/O Series
Please contact Moxa Technical Support for the security patch.
Mitigation:
Moxa recommends users to follow CISA’s recommendations and do the following to mitigate security vulnerabilities.
- Reduce network exposure by ensuring that all control-system devices and systems are not accessible via the Internet.
- Place control-system networks and remote devices behind firewalls, isolating them from business networks.
- When remote access is necessary, employ secure methods such as Virtual Private Networks (VPNs). It is important to note that VPNs may have vulnerabilities and should be kept up to date with the latest available version. Remember that the security of a VPN depends on the security of its connected devices.
Products Confirmed Not Vulnerable:
Only products listed in the Affected Products section of this advisory are known to be affected by this vulnerability. Moxa has confirmed that this vulnerability does not affect the following products:
- NPort 5000 (all series), NPort 6000 (all series), NPort Express Series, NPort IA5000 (all series), NPort P5150A Series, NPort S8000 Series, NPort S9000 (all series)
Revision History:
VERSION
DESCRIPTION
RELEASE DATE
1.0
First Release
Aug. 16, 2023
Relevant Products
NPort IAW5000A-I/O Series ·
Print this pageYou can manage and share your saved list in My Moxa
Related Advisories
- NPort IAW5000A-I/O Series Serial Device Servers Vulnerabilities
- NPort IAW5000A-I/O Series Serial Device Server Vulnerabilities
- NPort IAW5000A-I/O Series Serial Device Servers Vulnerabilities
Let’s get that fixed
If you are concerned about a potential cybersecurity vulnerability, please contact us and one of technical support staff will get in touch with you.
Report a Vulnerability