Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2020-12117: NPort 5100A Series Serial Device Servers Vulnerability

Moxa Service in Moxa NPort 5150A firmware version 1.5 and earlier allows attackers to obtain sensitive configuration values via a crafted packet to UDP port 4800. NOTE: Moxa Service is an unauthenticated service that runs upon a first-time installation but can be disabled without ill effect.

CVE
Open in Source
#vulnerability#auth

Please sign in

SUMMARY

NPort 5100A Series Serial Device Servers Vulnerability

  • Version: V1.0
  • Release Date: Apr 29, 2020
  • Reference:
    • CVE-2020-12117

A vulnerability was identified in Moxa’s NPort 5100A Series Serial Device Server. In response to this, Moxa has developed related solutions to address this vulnerability.

The identified vulnerability types and potential impacts are shown below:

Item

Vulnerability Type

Impact

1

Unauthenticated Information Disclosure

The vulnerability allows an attacker to obtain the serial port configurations of the device without proper authentication.

AFFECTED PRODUCTS AND SOLUTIONS

Affected Products:

The affected products and firmware versions are shown below.

Product Series

Affected Versions

NPort 5100A Series

Firmware Version 1.5 or lower

Solutions:

Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.

Product Series

Solutions

NPort 5100A Series

  1. Please upgrade to the latest firmware here (at least version 1.5 or higher).
  2. Disable “Moxa Service” under Console Setting.
  3. If you need to enable “Moxa Service”, please set those devices that can access NPort as whitelisted (for example, by their IP address). Then, enable “Apply additional restrictions” under the Accessible IP List configuration.

Acknowledgment:

We would like to express our appreciation to Maayan Fishelov from SCADAfence for reporting the vulnerability, working with us to help enhance the security of our products, and helping us provide a better service to our customers.

Revision History:

VERSION

DESCRIPTION

RELEASE DATE

1.0

First Release

Apr 29, 2020

Relevant Products

NPort 5100A Series ·

  • Print this page

  • You can manage and share your saved list in My Moxa

Let’s get that fixed

If you are concerned about a potential cybersecurity vulnerability, please contact us and one of technical support staff will get in touch with you.

Report a Vulnerability

Feedback

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE