VYPR
Unrated severity · NVD Advisory · Published Apr 15, 2022 · Updated Aug 3, 2024

CVE-2022-27048

Description

An unauthenticated attacker can perform a man-in-the-middle attack on Moxa MGate protocol gateways by exploiting a "channel accessible by non-endpoint" vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A vulnerability exists in Moxa MGate MB3170, MB3270, MB3280, MB3480, and MB3660 series protocol gateways due to a "channel accessible by non-endpoint" weakness (CWE-300). This allows an attacker to perform a man-in-the-middle (MITM) attack on the device. The affected firmware versions are: MGate MB3170 Series firmware version 4.2 or lower, MGate MB3270 Series firmware version 4.2 or lower, MGate MB3280 Series firmware version 4.1 or lower, MGate MB3480 Series firmware version 3.2 or lower, and MGate MB3660 Series firmware version 2.5 or lower [1].

Exploitation

An attacker with network access to the affected gateway can exploit this vulnerability without requiring authentication. The attacker can position themselves between the gateway and legitimate endpoints to intercept, modify, or relay communications. No user interaction or special privileges are needed beyond being on the same network segment [1].

Impact

Successful exploitation enables the attacker to perform a man-in-the-middle attack, which can lead to the disclosure or manipulation of sensitive data transmitted through the gateway, as well as potential disruption of industrial control communications. The compromise occurs at the network level, allowing the attacker to act as an intermediary between devices [1].

Mitigation

Moxa has released firmware updates to address this vulnerability. The solutions are: upgrade MGate MB3170 Series to firmware version 4.3 or later, MGate MB3270 Series to firmware version 4.3 or later, MGate MB3280 Series to firmware version 4.2 or later, MGate MB3480 Series to firmware version 4.1 or later, and MGate MB3660 Series to firmware version 2.6 or later [1]. No workarounds are documented; the recommended action is to apply the available firmware updates.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
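
The affected and fixed firmware versions listed above can be turned into an inventory triage check. The following is an added example, not code from Moxa or from this advisory. The inventory rows are constructed, and matching a model string to its series by the "MB3xxx" prefix is an assumption. A version that falls between the highest affected and the first fixed release (possible for the MB3480 series) is reported as undetermined because the text above does not state its status.

```python
import re

# Thresholds copied from the advisory text above:
# series -> (highest affected version, first fixed version)
ADVISORY = {
    "MB3170": ((4, 2), (4, 3)),
    "MB3270": ((4, 2), (4, 3)),
    "MB3280": ((4, 1), (4, 2)),
    "MB3480": ((3, 2), (4, 1)),
    "MB3660": ((2, 5), (2, 6)),
}

def parse_version(text):
    """Take the first major.minor number in strings like 'v4.2' or '4.2 Build 2204'."""
    m = re.search(r"(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no firmware version in {text!r}")
    return int(m.group(1)), int(m.group(2))

def series_of(model):
    """Map a model string to its series by the 'MB3xxx' prefix (assumed naming)."""
    m = re.search(r"MB3\d{3}", model.upper())
    return m.group(0) if m and m.group(0) in ADVISORY else None

def triage(model, firmware):
    """Return 'affected', 'fixed', 'undetermined' or 'not-listed'."""
    series = series_of(model)
    if series is None:
        return "not-listed"  # model is not named in this advisory
    max_affected, first_fixed = ADVISORY[series]
    version = parse_version(firmware)
    if version <= max_affected:
        return "affected"
    if version >= first_fixed:
        return "fixed"
    return "undetermined"  # e.g. MB3480 above 3.2 but below 4.1

# Constructed inventory rows (hostname, model, firmware), not real devices.
INVENTORY = [
    ("gw-line1", "MGate MB3170", "v4.2"),
    ("gw-line2", "MGate MB3280", "4.2 Build 2204"),
    ("gw-pump", "MGate MB3480", "3.5"),
    ("gw-lab", "MGate MB3660-8", "2.5"),
    ("gw-other", "OtherGateway X1", "1.0"),
]

def report(inventory=INVENTORY):
    return {host: triage(model, fw) for host, model, fw in inventory}

if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host}: {status}")
```

Devices reported as undetermined need a manual check against the vendor advisory before they are treated as fixed.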

Affected products

5

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

1
