ICSA-17-355-01_Moxa NPort W2150A and W2250A
Monitor | 6.5 | ICS-CERT ICSA-17-355-01 | Dec 21, 2017
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Moxa NPort W2150A and W2250A wireless serial device servers contain a vulnerability related to insufficient protection of credentials (CWE-522). The vulnerability allows an attacker with network access to obtain sensitive authentication information.
What this means
What could happen
An attacker could capture or extract credentials used to authenticate to the NPort device, potentially gaining access to manage the serial device server and any serial equipment it serves (such as RTUs, PLCs, or test equipment). This could allow unauthorized reconfiguration or disruption of connected industrial equipment.
Who's at risk
Water and electric utilities operating Moxa NPort W2150A or W2250A wireless serial device servers. These devices commonly connect legacy serial-based RTUs, PLCs, and field instruments to enterprise networks. Facilities with older process control equipment that rely on serial communications are most affected.
How it could be exploited
An attacker on the network could send requests to the NPort W2150A or W2250A to extract or intercept stored credentials. Once obtained, the attacker could authenticate to the device and modify its configuration or the behavior of connected serial equipment.
Prerequisites
- Network access to the NPort device management interface (HTTP or similar)
- No authentication required to trigger the vulnerability
remotely exploitable, no authentication required, low complexity, no patch available, credential exposure
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (2)
2 EOL
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| NPort W2150A | < 1.11 | No fix (EOL) |
| NPort W2250A | < 1.11 | No fix (EOL) |
Remediation & Mitigation
Do now
- HARDENING: Restrict network access to the NPort device management interfaces using firewall rules or network segmentation; only allow management traffic from authorized engineering workstations or VPN connections
- WORKAROUND: Disable remote management (HTTP/HTTPS) if local console access is sufficient, and only enable it when needed for authorized administration
- HARDENING: Change all default and stored credentials on the NPort devices immediately, and enforce strong passwords
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption
- HARDENING: Monitor network traffic to the NPort devices for suspicious access attempts
Mitigations - no patch available
The following products have reached End of Life with no planned fix: NPort W2150A, NPort W2250A. Apply the following compensating controls:
- HARDENING: Evaluate replacing end-of-life NPort W2150A and W2250A devices with Moxa devices that receive security updates
CVEs (1)