Moxa has released updates that close severe vulnerabilities in the firmware of some NPort serial network interface devices.
According to an advisory published by US ICS-СERT, the following devices are vulnerable:
- NPort 5110 v.2.2, 2.4, 2.6, 2.7
- NPort 5130 v.3.7 and prior
- NPort 5150 v.3.7 and prior
These devices are affected by three vulnerabilities that can be exploited to carry out remote attacks. One, CVE-2017-16719, allows an attacker to inject malicious packets that could potentially disrupt the availability of the devices. Another vulnerability, CVE-2017-16715, is a flaw in the handling of Ethernet frame padding and could lead to information disclosure. Finally, the CVE-2017-14028 vulnerability can be exploited to cause memory exhaustion by sending a large amount of TCP SYN packets.
All three vulnerabilities were closed by releasing firmware v.2.9 for NPort 5110 and v.3.8 for NPort 5130 and 5150.
NPort devices are industrial Serial-to-Ethernet converters that are commonly used in critical infrastructure facilities, including power stations, water treatment facilities and chemical plants. Devices of this type were targeted in December 2015 attacks on Ukrainian power companies.
Source: US ICS-СERT