Moxa OnCell 3120-LTE-1 Series Multiple Vulnerabilities
Act Now6.1MPSA-244707Sep 4, 2024
Summary
OnCell 3120-LTE-1 Series firmware version 2.3 and prior contain multiple vulnerabilities in an outdated jQuery library. These include Cross-site Scripting (XSS) vulnerabilities (CVE-2020-7656, CVE-2020-11022, CVE-2020-11023, CVE-2020-11022) that allow remote attackers to inject HTML or JavaScript into the web interface without authentication, and a Prototype Pollution vulnerability (CVE-2019-11358) that allows injection of object attributes used by other components. All four CVEs have a CVSS score of 6.1 and are unauthenticated, remotely exploitable, and actively being exploited in the wild (KEV status).
What this means
What could happen
An attacker can inject malicious JavaScript or HTML through the web interface, or modify how the device processes data, potentially compromising the integrity of the OnCell's configuration, monitoring, or remote management functions.
Who's at risk
Operators of Moxa OnCell 3120-LTE-1 cellular industrial gateway devices used for remote plant access, SCADA data relay, or telemetry in water utilities, power distribution, and other critical infrastructure. Any site using these devices for off-site management or redundant connectivity is affected.
How it could be exploited
An attacker with network access to the OnCell 3120-LTE-1 web interface can insert JavaScript code via input fields or URL parameters (XSS) or inject object attributes that propagate to backend logic (prototype pollution). The attacker does not need valid credentials. A user would need to interact with the malicious input (click a link, view a page) for XSS to trigger.
Prerequisites
- Network access to the OnCell 3120-LTE-1 web management interface (port 80 or 443)
- No authentication required
- User interaction required for XSS exploitation (clicking a malicious link or viewing a crafted page)
remotely exploitableno authentication requiredlow complexityactively exploited (KEV)high EPSS score (36.9%)no patch available
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (1)
ProductAffected VersionsFix Status
OnCell 3120-LTE-1All versionsNo fix (EOL)
Remediation & Mitigation
0/4
Do now
0/2WORKAROUNDRestrict network access to the OnCell 3120-LTE-1 web interface using a firewall; allow only trusted management stations or engineering networks
WORKAROUNDDisable or restrict the OnCell's web management interface if management can be performed via alternative secure methods or if the device is not actively managed
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
HOTFIXCheck with Moxa for firmware updates beyond version 2.3; if no patch is available, plan replacement of OnCell 3120-LTE-1 units or discontinue their use
Mitigations - no patch available
0/1OnCell 3120-LTE-1 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGImplement network segmentation to isolate the OnCell 3120-LTE-1 on a separate management VLAN or DMZ, limiting exposure to the broader plant network
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/8654cb08-c0b2-4b81-bb00-2b5af473e8a1