Moxa MGate 5105-MB-EIP Series Protocol Gateways Vulnerability
Act Now · Jan 6, 2020
Summary
A command injection vulnerability (CWE-78, CVE-2020-8858) in the web server of the MGate 5105-MB-EIP Series Protocol Gateways allows a remote attacker to execute arbitrary commands without authentication. The gateway translates between EtherNet/IP and serial Modbus protocols, so command execution could compromise data flow between industrial control systems and field devices. Moxa has not released a firmware patch for this product.
What this means
What could happen
An attacker could execute arbitrary commands on the MGate 5105-MB-EIP gateway's web server, potentially allowing them to alter protocol translations, intercept data between industrial networks (EtherNet/IP and serial devices), or disrupt communications between control systems and field equipment.
Who's at risk
Water authorities and electrical utilities that use Moxa MGate 5105-MB-EIP Series gateways to translate between EtherNet/IP industrial networks and serial Modbus/ASCII field devices. These devices are commonly found bridging SCADA networks to legacy pump stations, generator controllers, or sensor networks.
How it could be exploited
An attacker reaches the web server interface on the MGate device (port 80 or 443) from the network and injects shell commands into a web parameter that the server processes without proper sanitization. The commands execute with the privileges of the web server process on the gateway.
Prerequisites
- Network access to the MGate 5105-MB-EIP web server (HTTP/HTTPS port)
- No authentication required to exploit the command injection
- Device must be connected to a network where the attacker can reach it
- Remotely exploitable via web server
- No authentication required
- No fix available from vendor
- EPSS score above 10% (18.5%)
Exploitability
High exploit probability (EPSS 18.5%)
Affected products (1)
Product | Affected Versions | Fix Status
MGate 5105-MB-EIP | All versions | No fix (EOL)
Remediation & Mitigation
Do now
- [HARDENING] Network isolation: Restrict access to the MGate 5105-MB-EIP web server to engineering workstations and authorized administrative networks only, using firewall rules or network segmentation.
- [WORKAROUND] Disable web server access if not required for your operations, or configure the gateway for local serial/console management only.
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- [HARDENING] Monitor network traffic to and from the MGate device for suspicious commands or unusual HTTP requests.
Long-term hardening
- [HOTFIX] Evaluate replacement with a newer Moxa protocol gateway model that has security updates available.
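One way to act on the network-isolation and traffic-monitoring items above, as an added example that is not part of the original advisory or any Moxa tooling: a Python check over HTTP request logs for the gateway that flags sources outside the management allowlist and shell metacharacters in request parameters. The log format, allowlisted subnet, paths and parameter names are constructed assumptions, not details of the device.

```python
import ipaddress
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Assumption: the only subnet allowed to reach the gateway web UI (constructed).
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.30.0/28")]

# Characters and sequences a shell treats specially; none belong in a normal form value.
SHELL_META = re.compile(r"[;|&`\n\r<>]|\$\(|\$\{")

# Constructed proxy/firewall log lines: "<src-ip> <method> <url> <body>", body "-" when empty.
# Paths and parameter names are hypothetical, not taken from the device.
SAMPLE_LOG = """\
10.20.30.5 GET /index.html -
10.20.30.5 POST /config.cgi name=pump-station-3&baud=9600
192.0.2.44 GET /index.html -
10.20.30.7 POST /config.cgi name=gw1%3Bid&baud=9600
10.20.30.7 GET /status.cgi?host=127.0.0.1%7Ccat -
"""

def decode_fully(value, rounds=3):
    """Percent-decode a few more times so double-encoded metacharacters are still seen."""
    for _ in range(rounds):
        value = unquote_plus(value)
    return value

def review_line(line):
    """Return the findings for one log line (an empty list means nothing was flagged)."""
    src, method, url, body = line.split(" ", 3)
    findings = []
    if not any(ipaddress.ip_address(src) in net for net in ALLOWED_SOURCES):
        findings.append("source outside management allowlist")
    params = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    if body != "-":
        params += parse_qsl(body, keep_blank_values=True)
    for name, value in params:
        if SHELL_META.search(decode_fully(value)):
            findings.append(f"shell metacharacter in parameter '{name}'")
    return findings

def review_log(text):
    """Map each flagged line number (1-based) to its list of findings."""
    results = {n: review_line(l) for n, l in enumerate(text.splitlines(), 1)}
    return {n: f for n, f in results.items() if f}

if __name__ == "__main__":
    print(review_log(SAMPLE_LOG))
```

For HTTPS management traffic this requires logs from a point that sees the decrypted request, such as a reverse proxy placed in front of the gateway.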
CVEs (1)