Moxa NPort 5110 Series Vulnerabilities
Low Risk
Jul 31, 2023
Summary
Multiple out-of-bounds write vulnerabilities (CVE-2022-2044, CVE-2022-2043) in the Moxa NPort 5110 Series serial gateway allow remote attackers to trigger denial-of-service conditions by overwriting memory values. The vulnerabilities affect all versions of the NPort 5110, and no patch is available from the vendor. One vulnerability causes the device to become unresponsive; the other corrupts memory, making certain device values unavailable.
What this means
What could happen
An attacker could remotely cause the NPort 5110 to become unavailable or unresponsive, disrupting serial-to-Ethernet communication for critical devices like PLCs, sensors, and RTUs that rely on this gateway for network connectivity.
Who's at risk
Water utilities, municipalities, and industrial facilities using Moxa NPort 5110 serial gateways to connect legacy or serial-based equipment (PLCs, flow meters, pressure sensors, SCADA peripherals) to Ethernet networks should be concerned. Any facility relying on NPort 5110 for real-time sensor data or device control is at risk of losing connectivity.
How it could be exploited
An attacker with network access to the NPort 5110 could send specially crafted packets that trigger an out-of-bounds write condition, either crashing the device (causing a denial-of-service) or corrupting memory values that control device operation or connectivity.
Prerequisites
- Network access to the NPort 5110 device
- No authentication or credentials required
remotely exploitable, no authentication required, no patch available, affects equipment availability
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
Product | Affected Versions | Fix Status
NPort 5110 | All versions | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Implement network segmentation or firewall rules to restrict network access to the NPort 5110 from untrusted networks or the Internet
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HARDENING: Monitor for unexpected device unavailability or resets of the NPort 5110 and investigate potential attacks
Mitigations - no patch available
NPort 5110 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Replace or upgrade NPort 5110 units to a supported Moxa serial gateway product with current security patches (such as NPort 5230 or later models in the product family)
CVEs (2)