OTPulse
FeedAboutContact

Moxa CVE-2025-0193: Stored Cross-site Scripting (XSS) Vulnerability in the MGate 5121/5122/5123 Series

Monitor5.2MPSA-247733Jan 15, 2025
Summary

A stored Cross-site Scripting (XSS) vulnerability exists in MGate 5121/5122/5123 Series firmware due to insufficient input sanitization in the "Login Message" functionality. An authenticated attacker with administrative access can inject malicious scripts that are stored on the device and executed when other users access the login page. The impact depends on the privileges of the compromised user account and could include unauthorized configuration changes or credential theft.

What this means
What could happen
An authenticated admin can inject malicious scripts into the login message that execute when other users log in, potentially allowing unauthorized configuration changes or credential theft depending on victim privileges.
Who's at risk
Water utilities, electric utilities, and manufacturing facilities using Moxa MGate 5121/5122/5123 series gateways for protocol conversion and remote access. Any organization where the device's web interface is exposed to multiple users or accessible from untrusted networks should prioritize network segmentation.
How it could be exploited
An attacker with administrative credentials accesses the MGate web interface, injects malicious JavaScript into the "Login Message" field, and saves it. When other users visit the login page, the stored script executes in their browser, potentially capturing credentials or performing actions on behalf of the logged-in user.
Prerequisites
  • Administrative credentials on the MGate device
  • Network access to the MGate web management interface (typically port 80/443)
  • A victim user must access the login page after the malicious script is injected
Requires administrative credentialsNo vendor patch availableStored vulnerability persists across sessionsAffects multi-user environments where users have different privilege levels
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
ProductAffected VersionsFix Status
the MGate 5121/5122/5123 SeriesAll versionsNo fix (EOL)
Remediation & Mitigation
0/3
Do now
0/1
HARDENINGRestrict administrative access to the MGate web interface using firewall rules or network segmentation; only authorized administrators should reach the device on ports 80/443
Mitigations - no patch available
0/2
the MGate 5121/5122/5123 Series has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGImplement strong password policies and multi-factor authentication (if supported) to limit the likelihood of admin credential compromise
HARDENINGMonitor and audit administrative login activity and changes to the Login Message field
View full Moxa Security advisory
โ†‘โ†“ Navigate ยท Esc Close
API: /api/v1/advisories/0d6ac80f-6d7c-431d-896d-320cf1fade11
Moxa CVE-2025-0193: Stored Cross-site Scripting (XSS) Vulnerability in the MGate 5121/5122/5123 Series | CVSS 5.2 - OTPulse