OTPulse

Moxa EDR-G903 Secure Router Vulnerabilities (Update A)

Act Now | 9.1 | ICS-CERT ICSA-16-042-01A | Nov 14, 2016
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Moxa EDR-G903 Secure Router contains multiple vulnerabilities in input validation and credential handling. Versions V3.4.11 and earlier are affected. The vulnerabilities allow unauthenticated attackers with network access to read sensitive data such as certificates and credentials (CWE-256, CWE-284), leak sensitive information through error messages (CWE-226), or trigger denial of service via resource exhaustion or buffer handling issues (CWE-401, CWE-400). No patch is available; the product is end-of-life or will not be updated.

What this means
What could happen
An attacker with network access to the EDR-G903 could read sensitive data (certificates, credentials) or crash the router, disrupting network connectivity for your plant's remote monitoring and field devices.
Who's at risk
Water and electric utilities using Moxa EDR-G903 secure routers for remote site connectivity, SCADA gateway functions, or field device data aggregation. Any organization relying on this router for critical plant-to-remote-office or device-to-controller communication.
How it could be exploited
An attacker sends crafted network packets to the router's management interface or exposed services on ports typically open on Moxa routers. No credentials are required. The router processes the malformed input and either leaks sensitive configuration data or becomes unresponsive.
Prerequisites
  • Network access to the EDR-G903 management port(s) (typically port 80, 443, or 502)
  • No authentication required
remotely exploitable, no authentication required, low complexity, no patch available, confidentiality impact (credential/certificate theft), availability impact (denial of service)
Exploitability
Low exploit probability (EPSS 0.8%)
Affected products (1)
Product | Affected Versions | Fix Status
EDR-G903: <=V3.4.11 | ≤ V3.4.11 | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Implement firewall rules to restrict network access to the EDR-G903 management ports (HTTP, HTTPS, Modbus TCP) to only trusted engineering workstations and remote access systems
HARDENING: Disable unnecessary services and protocols on the EDR-G903 if they are not required for plant operations (e.g., HTTP management interface if HTTPS is available)
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Replace EDR-G903 units with a newer Moxa router model that has patches available for these vulnerabilities, or confirm all units are running the latest available firmware (V3.4.11 or later) and begin planning for hardware refresh
Mitigations - no patch available
EDR-G903: <=V3.4.11 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Segment the EDR-G903 onto a separate managed network or VLAN, isolating it from general IT systems and untrusted networks
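
One way to express the firewall workaround above on an upstream Linux firewall running nftables, as an added example that is not part of the advisory or any Moxa documentation. The router address, the trusted source addresses and the table name are constructed placeholders; the ports are the ones listed under Prerequisites.

```nftables
#!/usr/sbin/nft -f
# Added example: restrict access to the EDR-G903 management ports.
# Runs on a firewall that routes traffic toward the router.
# All addresses below are constructed placeholders (documentation ranges).

define EDR_MGMT   = 192.0.2.10          # placeholder: EDR-G903 management IP
define MGMT_PORTS = { 80, 443, 502 }    # HTTP, HTTPS, Modbus TCP

table inet edr_g903_guard {
    # Trusted engineering workstations and remote access systems.
    # Any SCADA master that legitimately polls Modbus TCP (502)
    # through this firewall must be listed here as well.
    set trusted_sources {
        type ipv4_addr
        elements = { 198.51.100.11, 198.51.100.12 }
    }

    chain forward {
        # Policy stays "accept": this table only adds drops for the
        # router's management ports and leaves other forwarding
        # decisions to the firewall's existing rules.
        type filter hook forward priority 0; policy accept;

        # Replies belonging to sessions that were already permitted.
        ct state established,related accept

        # Trusted sources may reach the management ports.
        ip daddr $EDR_MGMT tcp dport $MGMT_PORTS ip saddr @trusted_sources accept

        # Everything else aimed at those ports is counted, logged and
        # dropped. The log prefix gives operations a string to alert on.
        ip daddr $EDR_MGMT tcp dport $MGMT_PORTS counter log prefix "edr-g903-mgmt-drop " drop
    }
}
```

These rules only see traffic routed through the firewall; hosts on the same layer-2 segment as the router reach it directly, which is the gap the VLAN segmentation item closes.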