OTPulse

Moxa UC 7408-LX-Plus Firmware Overwrite Vulnerability

Monitor | CVSS 5.8 | ICS-CERT ICSA-16-152-01 | Mar 4, 2016
Attack Vector: Network
Auth Required: High
Complexity: High
User Interaction: None needed
Summary

The Moxa UC-7408 LX-Plus contains a firmware overwrite vulnerability that allows an authenticated administrator to supply malformed firmware update requests, potentially causing the device firmware to become corrupted or overwritten. This vulnerability affects all versions of the UC-7408 LX-Plus. The vendor has not released a patch and no update is planned.

What this means
What could happen
An authenticated user with administrative privileges could overwrite the device firmware, potentially disabling the UC-7408 gateway and disrupting network communication between your control network and connected devices.
Who's at risk
Water utilities and electric utilities using Moxa UC-7408 LX-Plus industrial gateways for remote device management, SCADA communications, or telemetry data relay. This affects any facility relying on this gateway for network connectivity to programmable logic controllers (PLCs), remote terminal units (RTUs), or other field devices.
How it could be exploited
An attacker with valid administrative credentials and network access to the management interface could submit a malformed firmware update request that overwrites the device firmware, causing the gateway to become inoperable.
Prerequisites
  • Valid administrative credentials for the UC-7408 management interface
  • Network access to the device management port/interface
  • Ability to submit firmware update requests
No patch available | Requires administrative credentials | High complexity attack
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product: UC-7408 LX-Plus (vers:all/*)
Affected Versions: All versions
Fix Status: No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Restrict network access to the UC-7408 management interface using firewall rules; only permit access from authorized engineering workstations on a dedicated network segment
HARDENING: Implement strong access controls and monitor for unauthorized login attempts to the UC-7408 administrative interface
WORKAROUND: Monitor device logs and network traffic for suspicious firmware update attempts
Mitigations - no patch available
UC-7408 LX-Plus: vers:all/* has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Segregate the UC-7408 and dependent devices onto a protected network segment with egress filtering to limit lateral movement if the device is compromised