Moxa OnCell Central Manager Cellular Management Software Vulnerabilities
Act Now · Mar 16, 2020
Summary
Moxa OnCell Central Manager contains two vulnerabilities from Apache Flex BlazeDS, a third-party component: (1) Unsafe deserialization of untrusted data (CVE-2017-5641) that could allow remote code execution on the application server; (2) XML External Entity (XXE) processing vulnerability (CVE-2015-3269) that could expose system information. Both affect all versions of OnCell Central.
What this means
What could happen
An attacker could execute arbitrary code on the OnCell Central Manager application server or extract sensitive configuration data and credentials, potentially gaining control over cellular connectivity for remote I/O devices across your facility.
Who's at risk
Water utilities and municipal electric utilities operating Moxa cellular gateways (OnCell I/O devices) managed through OnCell Central Manager should assess this risk. The vulnerability affects the central management application, which controls and monitors remote I/O device connectivity across distributed field sites.
How it could be exploited
An attacker with network access to OnCell Central Manager could send a malicious serialized object to the BlazeDS AMF endpoint, triggering unsafe deserialization and remote code execution on the server, or submit a specially crafted XML request to exploit XXE processing and read local files containing system information.
Prerequisites
- Network access to OnCell Central Manager web interface or AMF endpoint
- No authentication required for exploitation of the BlazeDS vulnerabilities
- OnCell Central Manager must be deployed and accessible from the attacker's network location
- remotely exploitable
- no authentication required
- low complexity
- high EPSS score (48.5%)
- no patch available
- affects management of critical connectivity infrastructure
Exploitability
High exploit probability (EPSS 48.5%)
Affected products (1)
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| OnCell Central | All versions | No fix (EOL) |
Remediation & Mitigation
Do now
- WORKAROUND: If possible, isolate OnCell Central Manager from untrusted networks using firewall rules; restrict access to the management interface to engineering workstations only
Mitigations - no patch available
OnCell Central has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Implement network segmentation to prevent direct access to OnCell Central Manager from SCADA systems, field devices, or the general corporate network; use VPN or jump host for management access
- HARDENING: Monitor OnCell Central Manager for suspicious requests to AMF endpoints and unusual XML processing activity; review logs for failed or unauthorized access attempts
- HARDENING: Evaluate alternatives or end-of-life replacement timelines for OnCell Central Manager given the lack of vendor patches; document risk acceptance if replacement is not feasible in the near term
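One way to run the AMF monitoring and source-restriction checks above over web access logs, as an added example that is not part of the advisory or of Moxa's software. The combined log format, the AMF path hints, the engineering-workstation subnet and the server-error heuristic are all assumptions to replace with values from your deployment.

```python
import ipaddress
import re

# Assumptions (not from the advisory): access logs use the combined format,
# AMF requests are recognisable by these path fragments, and engineering
# workstations live in the placeholder subnet below.
AMF_PATH_HINTS = ("/messagebroker/", "/amf")
ALLOWED_NETS = [ipaddress.ip_network("10.20.30.0/28")]

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

def is_allowed(src):
    """True only for a literal IP inside an allowed management subnet."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # hostnames or malformed values are treated as untrusted
    return any(addr in net for net in ALLOWED_NETS)

def review(lines):
    """Return (line_no, reason, detail) tuples for an analyst to follow up."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            findings.append((n, "unparsed", line.strip()))
            continue
        path = m["path"].lower()
        if not any(hint in path for hint in AMF_PATH_HINTS):
            continue
        if not is_allowed(m["src"]):
            findings.append((n, "amf-from-untrusted-source", m["src"]))
        elif m["status"].startswith("5"):
            # Heuristic: server errors on the AMF endpoint deserve a look.
            findings.append((n, "amf-server-error", m["src"]))
    return findings

# Constructed sample log lines (private and documentation address ranges).
SAMPLE = [
    '10.20.30.5 - - [16/Mar/2020:10:01:02 +0000] "POST /messagebroker/amf HTTP/1.1" 200 512',
    '198.51.100.7 - - [16/Mar/2020:10:05:40 +0000] "POST /messagebroker/amf HTTP/1.1" 200 48',
    '10.20.30.6 - - [16/Mar/2020:10:06:11 +0000] "POST /messagebroker/amf HTTP/1.1" 500 1024',
    '203.0.113.9 - - [16/Mar/2020:10:07:00 +0000] "GET /index.html HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

Any `amf-from-untrusted-source` finding also means the firewall restriction from the workaround is not in effect for that path.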
CVEs (2)