Moxa MGate MB3180/MB3280/MB3480 Series Protocol Gateways Vulnerabilities
Low Risk 2 · mgate-mb3180-3280-3480-protocol-gateways-vulnerabilities · Sep 17, 2021
Summary
Moxa MGate MB3180/MB3280/MB3480 Series Protocol Gateways contain two denial-of-service vulnerabilities. CVE-2021-33823 allows an attacker to exhaust web server resources by flooding the device with packets. CVE-2021-33824 allows an attacker to exhaust web server resources by sending incomplete packets. Both affect all versions of the affected product series.
What this means
What could happen
An attacker could perform a denial-of-service attack against your protocol gateway, making it unresponsive and disrupting communication between field devices and control systems until the device is restarted.
Who's at risk
Any organization using Moxa MGate MB3180, MB3280, or MB3480 protocol gateways for industrial automation, water/wastewater treatment, power distribution, or manufacturing process automation should assess their exposure. These devices typically bridge older protocols (Modbus, PROFIBUS, etc.) to modern networks and are commonly found in electrical substations, water treatment plants, and manufacturing facilities.
How it could be exploited
An attacker with network access to the device's web server (typically port 80 or 443) can send either a flood of normal packets or malformed incomplete packets to exhaust server resources and render the gateway unresponsive. No credentials are required for either attack.
Prerequisites
- Network reachability to the MGate web server (port 80 or 443)
- No authentication required
remotely exploitable · no authentication required · low complexity · no patch available · denial-of-service impact
Exploitability
Low exploit probability (EPSS 0.7%)
Affected products (1)
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| MGate MB3180/MB3280/MB3480 | All versions | No fix (EOL) |
Remediation & Mitigation
Do now
- WORKAROUND: Implement firewall rules to restrict network access to the MGate web server ports (80/443) to only authorized management interfaces and control networks
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Implement rate limiting or DDoS protection on network infrastructure upstream of the MGate devices to mitigate packet flood attacks
- HARDENING: Monitor web server logs and device uptime for signs of denial-of-service attacks (repeated connection resets, resource exhaustion)
Mitigations - no patch available
MGate MB3180/MB3280/MB3480 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Segregate MGate protocol gateways onto a separate network segment with restricted inbound access from untrusted sources
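The firewall workaround and the upstream rate-limiting control above, sketched as an nftables ruleset for a Linux firewall that forwards traffic to the gateways. This is an added example, not Moxa's or the advisory's own configuration; the table, set and chain names, the addresses (RFC 5737 documentation ranges) and the rate values are assumptions to replace with your own.

```nftables
#!/usr/sbin/nft -f
# Added example. All addresses, names and limits below are assumptions.

table inet mgate_guard {
    # Hypothetical MGate gateway addresses
    set mgate_hosts {
        type ipv4_addr
        elements = { 192.0.2.10, 192.0.2.11 }
    }

    # Hypothetical management workstations allowed to reach the web console
    set mgmt_hosts {
        type ipv4_addr
        flags interval
        elements = { 198.51.100.0/28 }
    }

    # Per-source state for the new-connection rate limit
    set web_meter {
        type ipv4_addr
        size 4096
        flags dynamic
        timeout 1m
    }

    chain forward {
        type filter hook forward priority 0; policy accept;

        # Only traffic addressed to the MGate web server ports is evaluated here
        ip daddr @mgate_hosts tcp dport { 80, 443 } jump mgate_web
    }

    chain mgate_web {
        # Sources outside the management set never reach the web server
        ip saddr != @mgmt_hosts log prefix "mgate-web-deny " drop

        # Packets of connections that were already admitted
        ct state established,related accept

        # Allowed sources: cap new connections per source (tune to your console usage)
        ct state new add @web_meter { ip saddr limit rate over 30/minute burst 20 packets } log prefix "mgate-web-rate " drop

        ct state new accept
        drop
    }
}
```

The two log prefixes give the monitoring item a concrete signal: repeated `mgate-web-deny` or `mgate-web-rate` entries show sources probing or flooding the web ports before the gateway itself degrades.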
CVEs (2)