OTPulse

MOXA NPort 5110

Plan Patch · CVSS 8.2 · ICS-CERT ICSA-22-207-04 · Jul 26, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A buffer overflow vulnerability (CWE-787) in Moxa NPort 5110 firmware version 2.1 allows remote attackers to write to arbitrary memory locations or cause denial of service. Successful exploitation could change device memory values and/or cause the device to become unresponsive. No public exploits are currently known.

What this means
What could happen
An attacker could modify memory in the NPort 5110 device, potentially altering its configuration or operation, or cause it to stop responding and require a manual restart.
Who's at risk
Water authorities, utilities, and manufacturers using Moxa NPort 5110 serial-to-Ethernet converters for remote device management in control system networks should be aware of this vulnerability. The NPort 5110 is commonly used to provide network access to legacy serial devices (PLCs, RTUs, sensors) in SCADA and ICS environments.
How it could be exploited
An attacker on the network could send specially crafted requests to the NPort 5110 device to corrupt its memory, either changing operational parameters or causing a denial of service. No special credentials or prior authentication are required.
Prerequisites
  • Network access to the NPort 5110 device on its management port (default Telnet/web interface port)
  • No authentication required
remotely exploitable · no authentication required · low complexity · no patch available · affects serial gateway device used in safety-critical systems
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
Product | Affected Versions | Fix Status
NPort 5110: Firmware | 2.1 | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the NPort 5110 device using firewall rules; allow only authorized management systems to reach its management ports
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Contact Moxa Technical Support to request the security patch when available
Mitigations - no patch available
NPort 5110: Firmware has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Place the NPort 5110 on an isolated control system network, separate from business networks and the Internet
HARDENING: If remote access to the NPort 5110 is needed, route it through a VPN or secure out-of-band management network rather than direct Internet exposure
MOXA NPort 5110 | CVSS 8.2 - OTPulse