Moxa NPort IAW5000A-I/O Series Hardcoded Credential Vulnerability
Low Risk1MPSA-230304Aug 16, 2023
Summary
A hardcoded credential vulnerability exists in NPort IAW5000A-I/O Series firmware versions prior to v2.2 (CWE-798). The hardcoded key could potentially facilitate firmware manipulation and compromise device integrity.
What this means
What could happen
An attacker with network access could use the hardcoded credentials to authenticate to the device and modify its firmware, potentially altering its operational behavior or disabling its function in your network.
Who's at risk
Water authorities and municipal utilities using Moxa NPort IAW5000A-I/O serial-to-Ethernet converters for remote device management or data acquisition should assess their exposure. These devices are commonly used in pump stations, water treatment control systems, and distribution monitoring to provide remote access to legacy serial equipment like PLCs and RTUs.
How it could be exploited
An attacker discovers the hardcoded credentials through source code analysis or public disclosure, connects to the device's management interface over the network, and authenticates using those credentials to gain firmware access and control.
Prerequisites
- Network reachability to the NPort IAW5000A-I/O management interface
- Knowledge of the hardcoded credentials
- Firmware update capability or direct device management access
hardcoded credentialsremotely exploitableaffects industrial communication devicefirmware manipulation possible
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
ProductAffected VersionsFix Status
NPort IAW5000A-I/OAll versionsv2.2
Remediation & Mitigation
0/3
Do now
0/1HARDENINGRestrict network access to the device management interface using firewall rules or network segmentation (allow access only from authorized engineering workstations)
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
HOTFIXUpgrade NPort IAW5000A-I/O firmware to v2.2 or later
Long-term hardening
0/1HARDENINGImplement network segmentation to isolate the device on a protected OT network with restricted access from untrusted networks
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/fc8c065c-7258-4c6e-a3ef-ba0e3884d3c2