Moxa OnCell
Act Now | 9.8 | ICS-CERT ICSA-17-143-01 | May 23, 2017
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Moxa OnCell G3110-HSDPA, G3150-HSDPA, and G3110-HSPA cellular gateways contain multiple authentication and session management flaws (CWE-307 password reset, CWE-256 weak password, CWE-352 CSRF) that allow unauthenticated remote attackers to gain administrative access to the device. These devices are end-of-life and will not receive vendor patches. An attacker with network access to the device's management ports can assume admin privileges, reconfigure routing, disable security, or monitor communications between SCADA systems and remote locations.
What this means
What could happen
An attacker could gain administrative access to OnCell cellular gateways without a password, allowing them to intercept, modify, or reroute industrial data communications and potentially alter device configurations affecting remote site operations.
Who's at risk
Water utilities and electric companies that use Moxa OnCell G3110-HSDPA, G3150-HSDPA, or G3110-HSPA cellular gateways for remote site communication and SCADA data. These devices typically connect main control facilities to unmanned or staffed remote sites such as pump stations, substations, or distribution network points.
How it could be exploited
An attacker on the network can connect directly to the OnCell device's management interface (typically port 502 or the web management port) without providing credentials. Once they have admin access, they can modify settings, disable security features, or reconfigure routing to intercept traffic between the main facility and remote locations.
Prerequisites
- Network access to the OnCell device management interface (default port 502 or port 80 for web interface)
- No authentication required - device allows unauthenticated administrative access
Tags: remotely exploitable, no authentication required, low complexity, no patch available, affects remote SCADA communications
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (3)
3 EOL
Product | Affected Versions | Fix Status
OnCell G3110-HSDPA | ≤ 1.2 build 09123015 | No fix (EOL)
OnCell G3150-HSDPA | ≤ 1.4 build 11051315 | No fix (EOL)
OnCell G3110-HSPA | ≤ 1.3 build 15082117 | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to OnCell device management ports (port 502, port 80) using firewall rules - only allow connections from authorized engineering workstations or trusted networks
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption
HARDENING: Monitor OnCell devices for unauthorized management access attempts; enable any available logging and review logs regularly
HARDENING: Do not deploy new OnCell HSDPA/HSPA models; transition to current Moxa cellular gateway products that receive security updates
Mitigations - no patch available
The following products have reached End of Life with no planned fix: OnCell G3110-HSDPA, OnCell G3150-HSDPA, OnCell G3110-HSPA. Apply the following compensating controls:
HARDENING: Implement network segmentation to isolate OnCell devices on a protected management network separate from operational networks
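An added example, not part of the original advisory, for the monitoring and access-restriction items above: it scans firewall log lines for TCP connections to the gateways' management ports (80 and 502, as named in the advisory) from sources outside an allowlist. The gateway addresses, the allowlisted engineering subnet and the netfilter-style log lines are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumptions (not from the advisory): gateway addresses, the allowlisted
# engineering subnet, and the netfilter-style log lines are all constructed.
ONCELL_GATEWAYS = {ipaddress.ip_address("10.20.0.11"), ipaddress.ip_address("10.20.0.12")}
ALLOWED_SOURCES = [ipaddress.ip_network("10.10.5.0/28")]
MGMT_PORTS = {80, 502}  # management ports named in the advisory

SAMPLE_LOG = """\
May 23 08:01:12 fw kernel: IN=eth1 OUT=eth2 SRC=10.10.5.4 DST=10.20.0.11 PROTO=TCP SPT=51514 DPT=80
May 23 08:03:40 fw kernel: IN=eth1 OUT=eth2 SRC=10.30.7.99 DST=10.20.0.11 PROTO=TCP SPT=40022 DPT=502
May 23 08:03:41 fw kernel: IN=eth1 OUT=eth2 SRC=10.30.7.99 DST=10.20.0.12 PROTO=TCP SPT=40023 DPT=80
May 23 08:04:02 fw kernel: IN=eth1 OUT=eth2 SRC=10.30.7.99 DST=10.20.0.11 PROTO=TCP SPT=40030 DPT=22
May 23 08:05:19 fw kernel: IN=eth0 OUT=eth2 SRC=198.51.100.23 DST=10.20.0.12 PROTO=TCP SPT=61000 DPT=80
May 23 08:06:00 fw kernel: IN=eth1 OUT=eth2 SRC=10.10.5.4 DST=10.40.0.5 PROTO=TCP SPT=51600 DPT=502
malformed line without fields
"""

FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def unauthorized_mgmt_access(log_text):
    """Return (src, dst, port) for each TCP connection to a gateway
    management port from a source outside the allowlist."""
    hits = []
    for line in log_text.splitlines():
        f = dict(FIELD_RE.findall(line))
        if not {"SRC", "DST", "PROTO", "DPT"} <= f.keys() or f["PROTO"] != "TCP":
            continue
        try:
            src, dst, port = ipaddress.ip_address(f["SRC"]), ipaddress.ip_address(f["DST"]), int(f["DPT"])
        except ValueError:
            continue  # skip lines with unparsable addresses or ports
        if dst not in ONCELL_GATEWAYS or port not in MGMT_PORTS:
            continue  # not a gateway management port
        if any(src in net for net in ALLOWED_SOURCES):
            continue  # authorized engineering workstation
        hits.append((str(src), str(dst), port))
    return hits

def summarize(hits):
    """Count unauthorized attempts per source address."""
    return Counter(src for src, _, _ in hits)

if __name__ == "__main__":
    for src, n in summarize(unauthorized_mgmt_access(SAMPLE_LOG)).most_common():
        print(f"{src}: {n} unauthorized management connection(s)")
```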