Moxa OnCell 3120-LTE-1 Series Multiple Vulnerabilities

Act NowCVSS 6.1MPSA-244707Sep 4, 2024

Moxa

Summary

OnCell 3120-LTE-1 Series firmware version 2.3 and prior contain multiple vulnerabilities in an outdated jQuery library. These include Cross-site Scripting (XSS) vulnerabilities (CVE-2020-7656, CVE-2020-11022, CVE-2020-11023, CVE-2020-11022) that allow remote attackers to inject HTML or JavaScript into the web interface without authentication, and a Prototype Pollution vulnerability (CVE-2019-11358) that allows injection of object attributes used by other components. All four CVEs have a CVSS score of 6.1 and are unauthenticated, remotely exploitable, and actively being exploited in the wild (KEV status).

What this means

What could happen

An attacker can inject malicious JavaScript or HTML through the web interface, or modify how the device processes data, potentially compromising the integrity of the OnCell's configuration, monitoring, or remote management functions.

Who's at risk

Operators of Moxa OnCell 3120-LTE-1 cellular industrial gateway devices used for remote plant access, SCADA data relay, or telemetry in water utilities, power distribution, and other critical infrastructure. Any site using these devices for off-site management or redundant connectivity is affected.

How it could be exploited

An attacker with network access to the OnCell 3120-LTE-1 web interface can insert JavaScript code via input fields or URL parameters (XSS) or inject object attributes that propagate to backend logic (prototype pollution). The attacker does not need valid credentials. A user would need to interact with the malicious input (click a link, view a page) for XSS to trigger.

Prerequisites

Network access to the OnCell 3120-LTE-1 web management interface (port 80 or 443)
No authentication required
User interaction required for XSS exploitation (clicking a malicious link or viewing a crafted page)

remotely exploitableno authentication requiredlow complexityactively exploited (KEV)high EPSS score (36.9%)no patch available

Exploitability

Actively exploited — confirmed by CISA KEV

Public Proof-of-Concept (PoC) on GitHub (10 repositories)

Affected products (1)

ProductAffected VersionsFix Status

OnCell 3120-LTE-1All versionsNo fix (EOL)

Remediation & Mitigation

0/4

Do now

0/2

WORKAROUNDRestrict network access to the OnCell 3120-LTE-1 web interface using a firewall; allow only trusted management stations or engineering networks

WORKAROUNDDisable or restrict the OnCell's web management interface if management can be performed via alternative secure methods or if the device is not actively managed

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXCheck with Moxa for firmware updates beyond version 2.3; if no patch is available, plan replacement of OnCell 3120-LTE-1 units or discontinue their use

Mitigations - no patch available

0/1

OnCell 3120-LTE-1 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGImplement network segmentation to isolate the OnCell 3120-LTE-1 on a separate management VLAN or DMZ, limiting exposure to the broader plant network

CVEs (4)

CVE-2019-11358 CVE-2020-7656 CVE-2020-11022 CVE-2020-11023

View full Moxa Security advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/8654cb08-c0b2-4b81-bb00-2b5af473e8a1

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.