MOXA NPort IAW5000A-I/O Series
Description
MOXA NPort IAW5000A-I/O firmware v2.1 or lower stores and transmits credentials of third-party services in cleartext, enabling remote credential theft.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The built-in web server in MOXA NPort IAW5000A-I/O firmware version 2.1 or lower stores and transmits credentials of third-party services in cleartext. This affects firmware versions up to and including 2.1 of the NPort IAW5000A-I/O integrated serial device server [1].
Exploitation
An attacker can exploit this vulnerability over the network without authentication or user interaction. The cleartext transmission occurs when the built-in web server communicates with third-party services, making the credentials readable via network sniffing [1]. No special privileges or complex attack steps are required beyond network access to the affected device.
Impact
Successful exploitation allows an attacker to capture third-party service credentials in cleartext. This can lead to unauthorized access to those services, potentially resulting in information disclosure or further compromise of interconnected systems. The vulnerability has a CVSS v3 base score of 9.8, indicating critical severity due to remote exploitability without authentication [1].
Mitigation
MOXA has released firmware version 2.2 to address this vulnerability. Users are advised to upgrade to firmware version 2.2 or later. The CISA advisory recommends updating the firmware through MOXA's download center [1]. No workaround is provided, but limiting network access to the device can reduce exposure.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE) range: <=2.1
- (no CPE) range: unspecified
Patches
No patches discovered yet.
References
- [1] us-cert.cisa.gov/ics/advisories/icsa-20-287-01 (mitre, x_refsource_MISC)