Moxa OnCell Central Manager Vulnerabilities
Plan Patch | CVSS 8.3 | ICS-CERT ICSA-15-328-01 | Aug 27, 2015
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
OnCell Central Manager Software versions prior to 2.2 contain hardcoded credentials (CWE-798) and insecure configuration storage (CWE-592) that allow unauthenticated network-based attackers to access and modify the manager's configuration. The OnCell Central Manager is used to centrally manage and configure Moxa OnCell cellular gateway devices deployed at remote sites for SCADA, telemetry, and ICS communications.
What this means
What could happen
An attacker with network access to the OnCell Central Manager could gain unauthorized access or modify system settings, potentially disrupting communication with remote cellular gateway devices across your network.
Who's at risk
Water and electric utilities operating Moxa cellular gateways (OnCell product line) for remote SCADA or telemetry communications should assess their use of OnCell Central Manager for device management and configuration. Any organization using version 2.2 or earlier is affected.
How it could be exploited
An attacker could send crafted requests over the network to the OnCell Central Manager to exploit hardcoded credentials or insecure configuration storage. Once authenticated, they could modify device configurations, add unauthorized gateways, or intercept communications to remote sites.
Prerequisites
- Network access to the OnCell Central Manager (default ports 5000 or 8080)
- No user credentials required - vulnerability exploits default/hardcoded credentials
- Management interface must be reachable from attacker's network position
Tags: remotely exploitable, no authentication required, low complexity, no patch available, default credentials, CVSS 8.3 (high)
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
Product | Affected Versions | Fix Status
OnCell Central Manager Software: <2.2 | <2.2 | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Implement firewall rules to restrict access to the OnCell Central Manager to only required workstations and block public/untrusted network access
HARDENING: Monitor for default or hardcoded credentials in use; if possible, attempt to change credentials through the management interface
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Evaluate upgrading to OnCell Central Manager version 2.2 or later if available from Moxa
Mitigations - no patch available
OnCell Central Manager Software: <2.2 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Isolate the OnCell Central Manager on a restricted management network segment accessible only to authorized engineering staff
CVEs (2)