Moxa OnCell G3100-HSPA Series

Plan PatchCVSS 9.8ICS-CERT ICSA-18-060-02Mar 1, 2018

Moxa

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

The Moxa OnCell G3100-HSPA Series industrial cellular gateway contains multiple vulnerabilities (CWE-565, CWE-130, CWE-476) that allow remote attackers to execute arbitrary code on the device without authentication. The vulnerabilities are remotely exploitable over the network with low skill requirements. The affected product versions are OnCell G3100-HSPA Series running firmware 1.4 Build 160062919 or earlier. No firmware patch is available from Moxa. Exploitation could result in complete compromise of device functionality, including interception or modification of communications to remote assets and loss of remote site connectivity.

What this means

What could happen

An attacker with network access to the OnCell G3100-HSPA device can gain complete control of it, potentially disrupting remote site monitoring and control operations, altering communications, or causing loss of connectivity to distributed assets like remote pump stations or substations.

Who's at risk

This vulnerability affects the Moxa OnCell G3100-HSPA industrial cellular gateway, which is commonly used in utilities and water authorities for remote connectivity to distributed equipment such as remote terminal units (RTUs), pump stations, field sensors, and substations where out-of-band communication is required.

How it could be exploited

An attacker can send a specially crafted network request to the device on port 502 or other management ports without any authentication. The vulnerability allows the attacker to execute arbitrary code with full device privileges, bypassing all access controls and enabling them to modify device behavior or intercept communications.

Prerequisites

Network access to the OnCell device on its management or Modbus ports
No credentials required
Device must be running firmware version 1.4 Build 160062919 or earlier

remotely exploitableno authentication requiredlow complexityno patch availablecritical severityaffects remote access infrastructure

Exploitability

Unlikely to be exploited — EPSS score 0.4%

Affected products (1)

ProductAffected VersionsFix Status

OnCell G3100-HSPA Series:≤ 1.4 Build 160062919No fix (EOL)

Remediation & Mitigation

0/4

Do now

0/3

HARDENINGPlace OnCell G3100-HSPA devices behind a firewall and isolate them from the business network to restrict unauthorized network access

HARDENINGImplement network segmentation so that remote access to these devices is only from designated secure networks or VPNs

WORKAROUNDIf remote access is required, restrict it to authorized personnel only through a VPN or equivalent secure tunnel; do not allow direct Internet exposure

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGMonitor network traffic to these devices and alert on unexpected connection attempts or data flows

CVEs (3)

CVE-2018-5455 CVE-2018-5453 CVE-2018-5449

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/79673e52-a231-4085-9eae-b8a7cefc0189

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.