Moxa MGate 5105-MB-EIP Series Protocol Gateways Vulnerabilities
Low Risk | Jul 10, 2020
Summary
Multiple vulnerabilities were identified in Moxa's MGate 5105-MB-EIP Series Protocol Gateways:
1. Authentication Bypass by Capture-replay (CVE-2020-15494, ZDI-CAN-10791): An attacker can obtain the session ID of the connection between the host and the device, allowing unauthorized access.
2. Exposure of Sensitive Information (CVE-2020-15493, ZDI-CAN-10792): An attacker can decrypt the encrypted configuration file of the device, exposing sensitive information.
What this means
What could happen
An attacker who intercepts network traffic or gains access to configuration files could bypass authentication, access the gateway without credentials, and extract sensitive configuration data including potential device settings or credentials.
Who's at risk
This affects industrial facilities using Moxa MGate 5105-MB-EIP series protocol gateways for EtherNet/IP to serial device communications. This includes water treatment plants, wastewater facilities, electric utilities, and manufacturing operations that use these gateways to bridge legacy serial equipment with modern IP networks.
How it could be exploited
An attacker on the same network or able to capture traffic between a host and the MGate device can replay captured session IDs to gain unauthorized access. Additionally, an attacker with access to the device's encrypted configuration file can decrypt it to extract sensitive information.
Prerequisites
- Network access to intercept traffic between host and MGate 5105-MB-EIP device
- Access to or ability to capture network traffic for session replay
- Alternatively, access to the device's configuration files
- No authentication required for session replay exploitation
- Low complexity attack
- Network-based exploitation possible
- No patch available
- Affects control system gateways
Affected products (1)
| Product | Affected Versions | Fix Status |
|---|---|---|
| MGate 5105-MB-EIP | All versions | No fix (EOL) |
Remediation & Mitigation
Do now
WORKAROUND: Ensure physical and logical access controls to configuration files and management interfaces of the MGate device are restricted to authorized personnel only.
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Contact Moxa for the solution mentioned in the advisory to address these vulnerabilities, or plan replacement of the MGate 5105-MB-EIP with a device that has vendor support and security updates.
Mitigations - no patch available
MGate 5105-MB-EIP has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Implement network segmentation to restrict access to the MGate 5105-MB-EIP device. Use firewalls or VLANs to limit which systems can communicate with the gateway.
HARDENING: Deploy encryption and monitoring on the network segment containing the MGate device. Monitor for unusual connection patterns or session replay activity.
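One way to monitor for session replay as suggested above, shown as an added example (not code from Moxa or from this advisory): it flags a session ID that appears from a second client address or is reused after a long idle gap. The log format, the sample records, and the 30-minute idle threshold are assumptions; the advisory does not describe how the device transmits or logs session IDs.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real traffic): "timestamp client_ip session_id",
# as a hypothetical sensor in front of the gateway's management interface might log them.
SAMPLE_LOG = """\
2020-07-10T08:00:01 10.10.5.20 a3f1c9
2020-07-10T08:00:09 10.10.5.20 a3f1c9
2020-07-10T08:02:30 10.10.5.77 a3f1c9
2020-07-10T08:03:00 10.10.5.21 77be02
2020-07-10T08:04:10 10.10.5.21 77be02
2020-07-10T11:30:00 10.10.5.21 77be02
malformed line
"""

MAX_IDLE = timedelta(minutes=30)  # assumed session idle timeout; tune per site


def parse(log_text):
    """Yield (time, client_ip, session_id) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2]
        except ValueError:
            continue


def find_replay_candidates(log_text, max_idle=MAX_IDLE):
    """Return {session_id: set of reasons} for sessions that look replayed."""
    first_ip, last_seen = {}, {}
    findings = defaultdict(set)
    for ts, ip, sid in sorted(parse(log_text)):
        if sid in first_ip:
            if ip != first_ip[sid]:
                findings[sid].add(f"new-source:{ip}")  # same ID, different client
            if ts - last_seen[sid] > max_idle:
                findings[sid].add("reuse-after-idle")  # ID reappears after long silence
        else:
            first_ip[sid] = ip
        last_seen[sid] = ts
    return dict(findings)


if __name__ == "__main__":
    for sid, reasons in find_replay_candidates(SAMPLE_LOG).items():
        print(sid, sorted(reasons))
```

Clients behind NAT or with changing addresses will trigger the new-source rule, so the management hosts allowed by the segmentation rules make a useful allowlist for triage.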
CVEs (2)