CVE-2019-9095

Vulnerability

The vulnerability resides in Moxa MGate MB3170, MB3180, MB3270, MB3280, MB3480, and MB3660 series protocol gateways running firmware versions below 4.1, 2.1, 4.1, 3.1, 3.1, and 2.3 respectively [1]. It is a use of a broken or risky cryptographic algorithm (CWE-327) where sensitive information is protected with a weak cryptographic algorithm using predictable variables [2]. This allows an attacker to intercept weakly encrypted passwords during transmission or storage.

Exploitation

An attacker with network access to the affected device can intercept the weakly encrypted passwords, likely by capturing network traffic or gaining access to the device's storage [1]. No authentication is required to exploit this vulnerability. The attack is remotely exploitable and requires low skill level [1]. The attacker needs to observe the encrypted password data and then decrypt it due to the weak algorithm.

Impact

Successful exploitation allows the attacker to recover the plaintext passwords. This can then be used to gain administrative access to the device, potentially leading to full control over the gateway and the industrial network it connects to [1, 2]. The impact includes unauthorized access to sensitive information and potential compromise of the entire system.

Mitigation

Moxa has released firmware updates to address this vulnerability. The fixed versions are: MB3170 and MB3270 series firmware version 4.1, MB3280 and MB3480 series firmware version 3.1, MB3660 series firmware version 2.3, and MB3180 series firmware version 2.1 [1]. Users should update to these versions or later. If immediate patching is not possible, network segmentation and strict access controls are recommended as interim measures.