OTPulse

Moxa AIG-301 Series Azure uAMQP Vulnerabilities

Plan Patch | CVSS 9.8 | MPSA-248041 | Apr 22, 2024
Summary

Moxa AIG-301 Series gateways prior to version 1.5 contain three critical memory safety vulnerabilities in the Azure uAMQP protocol implementation: a double free issue (CVE-2024-27099), a use-after-free flaw (CVE-2024-25110), and an integer overflow/memory safety issue (CVE-2024-21646). Each can be triggered by a specially crafted AMQP protocol message and can lead to remote code execution without authentication or user interaction. All three vulnerabilities have a CVSS score of 9.8.

What this means
What could happen
An attacker can remotely execute arbitrary code on the AIG-301 gateway without authentication, potentially allowing them to manipulate data communications to connected industrial devices or disrupt the gateway's operation entirely.
Who's at risk
Critical for any organization using Moxa AIG-301 Series industrial gateways as an edge device for cloud data collection, telemetry aggregation, or remote device management in manufacturing, utilities, or critical infrastructure environments.
How it could be exploited
An attacker on the network sends a specially crafted Azure uAMQP protocol message to the AIG-301 (port typically 5671 or 5672). The malformed AMQP packet triggers a memory safety issue (double free, use-after-free, or integer overflow) in the AIG-301's uAMQP implementation, allowing arbitrary code execution on the device.
Prerequisites
  • Network access to the AIG-301 on its uAMQP listening port (typically 5671 or 5672)
  • No credentials required
  • No user interaction required
  • Remotely exploitable
  • No authentication required
  • Low complexity attack
  • No patch available (as of advisory date)
  • Affects gateway/data aggregation functionality
  • CVSS 9.8 (critical)
Exploitability
Moderate exploit probability (EPSS 2.5%)
Affected products (1)
Product | Affected Versions | Fix Status
AIG-301 | All versions | 1.5 or later
Remediation & Mitigation
Do now
  • HOTFIX: Contact Moxa support for firmware version 1.5 or later availability; install immediately upon release
  • HARDENING: Implement network segmentation to restrict unauthenticated access to the AIG-301 gateway; allow only known cloud services or trusted subnets to communicate with the device on AMQP ports
  • WORKAROUND: Disable Azure cloud connectivity on the AIG-301 if not required for operations, or configure firewall rules to block outbound connections to Azure AMQP endpoints
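
One way to check that the segmentation and firewall rules above are actually enforced, as an added example (not part of the advisory or any Moxa tooling): audit exported flow records for accepted connections on AMQP ports 5671/5672 between the gateway and peers outside the allowlist. The gateway address, trusted subnets, and flow-record format are assumptions; the sample records are constructed.

```python
import ipaddress

AMQP_PORTS = {5671, 5672}  # ports named in the advisory

# Assumed values for illustration (documentation address ranges, not from the advisory).
GATEWAY = ipaddress.ip_address("192.0.2.10")
TRUSTED_PEERS = [ipaddress.ip_network("192.0.2.0/28"),
                 ipaddress.ip_network("198.51.100.0/24")]

# Constructed sample flow records: "src_ip src_port dst_ip dst_port action"
SAMPLE_FLOWS = """\
192.0.2.5 50122 192.0.2.10 5671 ACCEPT
203.0.113.77 41000 192.0.2.10 5672 ACCEPT
203.0.113.77 41001 192.0.2.10 5671 DROP
192.0.2.10 39000 198.51.100.20 5671 ACCEPT
192.0.2.10 39001 203.0.113.9 5671 ACCEPT
192.0.2.5 50123 192.0.2.10 443 ACCEPT
not a flow line
"""

def is_trusted(addr):
    """True if addr falls inside any allowlisted subnet."""
    return any(addr in net for net in TRUSTED_PEERS)

def audit_flows(text):
    """Return (direction, peer, port) for accepted AMQP flows that violate policy."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed or truncated records
        try:
            src = ipaddress.ip_address(parts[0])
            dst = ipaddress.ip_address(parts[2])
            dport = int(parts[3])
        except ValueError:
            continue  # skip records with unparsable addresses or ports
        if parts[4] != "ACCEPT" or dport not in AMQP_PORTS:
            continue  # only accepted traffic on AMQP ports is of interest
        if dst == GATEWAY and not is_trusted(src):
            findings.append(("inbound", str(src), dport))
        elif src == GATEWAY and not is_trusted(dst):
            findings.append(("outbound", str(dst), dport))
    return findings

if __name__ == "__main__":
    for direction, peer, port in audit_flows(SAMPLE_FLOWS):
        print(f"policy violation: {direction} AMQP/{port} peer={peer}")
```

Any finding means the firewall accepted AMQP traffic that the hardening or workaround step was supposed to block; if Azure connectivity is disabled entirely, an empty outbound allowlist makes every outbound AMQP flow a finding.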