MOXA NPort IAW5000A-I/O Series

Vulnerability

The built-in web server in MOXA NPort IAW5000A-I/O firmware version 2.1 or lower [1] does not properly restrict access to sensitive information, allowing unauthorized display of data. This is one of six vulnerabilities disclosed for this device (CVE-2020-25192 specifically addresses exposure of sensitive information to an unauthorized actor) [1].

Exploitation

An attacker can exploit this vulnerability remotely with low skill level [1]. No authentication is required; the attacker simply sends a crafted request to the web server on the affected device to retrieve sensitive information without proper authorization [1].

Impact

Successful exploitation allows an attacker to gain access to sensitive information without authorization [1]. This could expose configuration details, credentials, or other data that could facilitate further attacks on the device or network.

Mitigation

MOXA has released updated firmware to address these vulnerabilities. Users should upgrade NPort IAW5000A-I/O firmware to version 2.2 or later [1]. CISA recommends users apply the update and review the vendor advisory for additional details [1].