OTPulse
FeedAboutContact

Moxa NPort 6000 Series Incorrect Implementation of Authentication Algorithm Vulnerability

Low Risk1MPSA-232905Nov 1, 2023
Summary

A vulnerability exists in NPort 6000 Series serial device servers due to incorrect implementation of the authentication algorithm combined with storage of passwords in a recoverable format using weak cryptography. An attacker with network access to the web service can bypass authentication and gain privileged access without providing valid credentials, potentially allowing unauthorized configuration changes or information disclosure.

What this means
What could happen
An attacker can gain unauthorized administrative access to the NPort 6000 web interface without credentials, allowing them to view or modify device configuration, network settings, and operational parameters that control network connectivity for critical systems.
Who's at risk
Water utilities and electric utilities using NPort 6000 Series serial device servers for remote management of RTUs, PLCs, or other serial-connected industrial devices. Any organization relying on NPort 6000 for network-to-serial conversion in critical infrastructure should implement compensating controls immediately.
How it could be exploited
An attacker on the network sends a request to the NPort 6000 web service and exploits the weak authentication mechanism to bypass login controls. Because passwords are stored in a recoverable format using a broken cryptographic algorithm, the attacker can extract and recover plaintext credentials or bypass authentication checks entirely to gain privileged access to the web interface.
Prerequisites
  • Network access to the NPort 6000 web service (typically port 80 or 443)
  • No valid credentials required
Remotely exploitableNo authentication requiredLow complexity attackNo patch availableAuthentication bypass potential
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
ProductAffected VersionsFix Status
NPort 6000All versionsNo fix (EOL)
Remediation & Mitigation
0/4
Do now
0/2
WORKAROUNDRestrict network access to the NPort 6000 web service using firewall rules or network segmentation—allow only authorized engineering workstations and management systems
HARDENINGDisable or limit remote access to the web service if not required for normal operations
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HARDENINGImplement network segmentation to isolate the NPort 6000 on a dedicated management network separate from operational networks
Mitigations - no patch available
0/1
NPort 6000 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGMonitor for unauthorized access attempts to the NPort 6000 web interface
View full Moxa Security advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/7d7fc3a5-ecae-4330-bb88-ae762a43a102