OTPulse

Moxa OnCell G3470A-LTE Series Multiple Web Application Vulnerabilities

Monitor | CVSS 7.1 | MPSA-242550 | Jun 21, 2024
Summary

Multiple web server vulnerabilities in OnCell G3470A-LTE version 1.7.7 and prior stem from insufficient input validation and unsafe format string handling. These include command injection (CWE-77), buffer overflow (CWE-120), and external format string (CWE-134) flaws. Successful exploitation allows an authenticated attacker to execute arbitrary commands, leak memory/configuration data, or cause denial-of-service by crashing the web service.

What this means
What could happen
An attacker with network access to the web interface of an OnCell G3470A-LTE can execute unauthorized commands on the device, leak configuration data, or crash the service. This could disrupt remote monitoring and management of critical infrastructure.
Who's at risk
Water utilities and electrical utilities operating Moxa OnCell G3470A-LTE series cellular routers used for remote OT device management and telemetry. This device is commonly used as a gateway to reach PLCs, RTUs, and SCADA systems over cellular connections in unmanned sites.
How it could be exploited
An attacker sends crafted input to the web server (port 80/443) containing command injection payloads, format string exploits, or buffer overflow data. The vulnerable input validation fails to filter special characters and format string sequences. The attacker gains command execution or causes memory corruption on the device.
Prerequisites
  • Network access to the OnCell G3470A-LTE web interface (port 80/443)
  • Valid credentials (the device requires login; PR:L indicates that a low-privilege user is sufficient)

Tags: remotely exploitable · requires valid credentials · low complexity attack · no patch available · affects remote management infrastructure
Exploitability
Moderate exploit probability (EPSS 1.2%)
Affected products (1)
Product | Affected Versions | Fix Status
OnCell G3470A-LTE | All versions | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Do not expose the OnCell G3470A-LTE web interface to untrusted networks. Restrict access to the device from your engineering workstation network only.
HARDENING: Require authentication using strong credentials and change default login passwords if in use.
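
An added example, not part of the advisory or of any Moxa tooling: a review of web access logs for requests that come from outside the engineering network or that carry shell metacharacters, format specifiers, or oversized values. It assumes a proxy or firewall in front of the device records requests; the log format, the 10.20.30.0/24 network, the paths and the parameter names are all constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: the engineering workstation network allowed to reach the router.
ALLOWED_NET = ipaddress.ip_network("10.20.30.0/24")
# Shell metacharacters (CWE-77) and printf-style conversions (CWE-134).
SHELL_META = re.compile(r"[;|&`$<>\n]")
FORMAT_SPEC = re.compile(r"%(?:\d+\$)?[-+#0]*\d*(?:\.\d+)?(?:hh|h|ll|l)?[sxXnpdu]")
MAX_VALUE_LEN = 256  # assumed ceiling; oversized values hint at CWE-120 probing
# Constructed log format: <client-ip> "<METHOD> <url> HTTP/1.1" <status>
LINE = re.compile(r'^(\S+) "(\S+) (\S+) [^"]*" (\d{3})$')

def review(line):
    """Return a list of findings for one access-log line (empty if clean)."""
    m = LINE.match(line.strip())
    if not m:
        return ["unparsed"]
    src, url = m.group(1), m.group(3)
    findings = []
    try:
        inside = ipaddress.ip_address(src) in ALLOWED_NET
    except ValueError:  # client field is not an IP address
        inside = False
    if not inside:
        findings.append("source-outside-engineering-net")
    # parse_qsl percent-decodes values, so encoded input is inspected too.
    for key, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if SHELL_META.search(value):
            findings.append(f"shell-metachar:{key}")
        if FORMAT_SPEC.search(value):
            findings.append(f"format-spec:{key}")
        if len(value) > MAX_VALUE_LEN:
            findings.append(f"oversized:{key}")
    return findings

# Constructed sample lines; paths and parameter names are hypothetical.
SAMPLE = [
    '10.20.30.15 "GET /status.cgi?page=overview HTTP/1.1" 200',
    '198.51.100.7 "GET /status.cgi?page=overview HTTP/1.1" 200',
    '10.20.30.15 "GET /diag.cgi?host=192.0.2.1%3Breboot HTTP/1.1" 200',
    '10.20.30.15 "GET /diag.cgi?label=%25x%25x%25n HTTP/1.1" 500',
    '10.20.30.15 "GET /diag.cgi?label=' + "A" * 300 + ' HTTP/1.1" 500',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(review(entry) or "ok", "<-", entry[:70])
```

Findings are triage hints, not verdicts: legitimate values can contain `%` or `&`, so tune the patterns against normal traffic for the site.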
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

WORKAROUND: Monitor for vendor patches. As of this advisory, no firmware fix is available; check Moxa's website regularly for firmware updates for version 1.7.7 and later.