MOXA NPort 5110

Plan PatchCVSS 8.2ICS-CERT ICSA-22-207-04Jul 26, 2022

Moxa

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

A buffer overflow vulnerability (CWE-787) in Moxa NPort 5110 firmware version 2.1 allows remote attackers to write to arbitrary memory locations or cause denial of service. Successful exploitation could change device memory values and/or cause the device to become unresponsive. No public exploits are currently known.

What this means

What could happen

An attacker could modify memory in the NPort 5110 device, potentially altering its configuration or operation, or cause it to stop responding and require a manual restart.

Who's at risk

Water authorities, utilities, and manufacturers using Moxa NPort 5110 serial-to-Ethernet converters for remote device management in control system networks should be aware of this vulnerability. The NPort 5110 is commonly used to provide network access to legacy serial devices (PLCs, RTUs, sensors) in SCADA and ICS environments.

How it could be exploited

An attacker on the network could send specially crafted requests to the NPort 5110 device to corrupt its memory, either changing operational parameters or causing a denial of service. No special credentials or prior authentication are required.

Prerequisites

Network access to the NPort 5110 device on its management port (default Telnet/web interface port)
No authentication required

remotely exploitableno authentication requiredlow complexityno patch availableaffects serial gateway device used in safety-critical systems

Exploitability

Unlikely to be exploited — EPSS score 0.4%

Affected products (2)

2 EOL

ProductAffected VersionsFix Status

NPort 5110All versionsNo fix (EOL)

NPort 5110: Firmware2.1No fix (EOL)

Remediation & Mitigation

0/4

Do now

0/1

NPort 5110

WORKAROUNDRestrict network access to the NPort 5110 device using firewall rules; allow only authorized management systems to reach its management ports

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXContact Moxa Technical Support to request the security patch when available

Mitigations - no patch available

0/2

The following products have reached End of Life with no planned fix: NPort 5110, NPort 5110: Firmware. Apply the following compensating controls:

HARDENINGPlace the NPort 5110 on an isolated control system network, separate from business networks and the Internet

HARDENINGIf remote access to the NPort 5110 is needed, route it through a VPN or secure out-of-band management network rather than direct Internet exposure

CVEs (2)

CVE-2022-2044 CVE-2022-2043

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/89915e7d-1282-400c-9f5e-af1a71f939ed

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.