23 July 2018

Dangerous vulnerability fixed in Moxa NPort serial network interface devices

Moxa has fixed a dangerous vulnerability in NPort 5210, 5230 and 5232 serial network interface devices. A remote attacker could exploit the vulnerability by sending specially crafted SYN packets to cause a resource exhaustion condition and render the device unavailable.

The vulnerability affects devices with firmware versions 2.9 build 17030709 and prior.

The problem is due to uncontrolled resource consumption (CVE-2018-10632). A CVSS v.3 base score of 7.5 has been calculated for the vulnerability.

To fix this issue, updating the firmware of affected devices to the latest version is recommended.

Source: ICS-CERT