7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
AI Score
Confidence
High
0.019 Low
EPSS
Percentile
88.5%
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A Buffer overflow in the built-in web server allows remote attackers to initiate DoS, and probably to execute arbitrary code (issue 1 of 2).
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(501442);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");
script_cve_id("CVE-2019-9099");
script_name(english:"Moxa MB3xxx Series Protocol Gateways Stack-Based Buffer Overflow (CVE-2019-9099)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"An issue was discovered on Moxa MGate MB3170 and MB3270 devices before
4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3,
and MB3180 devices before 2.1. A Buffer overflow in the built-in web
server allows remote attackers to initiate DoS, and probably to
execute arbitrary code (issue 1 of 2).
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
# https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6506053d");
script_set_attribute(attribute:"see_also", value:"https://www.us-cert.gov/ics/advisories/icsa-20-056-01");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Moxa has developed the following solutions to address the vulnerabilities:
- MB3170 Series: Download the new firmware.
- MB3270 Series: Download the new firmware.
- MB3180 Series: Download the new firmware.
- Moxa also recommends users follow below instructions to mitigate potential risks:
- Upgrade to the latest firmware and disable HTTP and Telnet communications.
- Use Moxa utilities (MGate Manager, NPort Administration Suite Utility) to change device configurations or
monitor the device status remotely.
- Use a VPN tunnel for a secure and protected connection between the devices and host PC.
- MB3280 Series: Download the new firmware.
- MB3480 Series: Download the new firmware.
- MB3660 Series: Download the new firmware.
Please see Moxaรขยยs security advisory for more information.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-9099");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(120);
script_set_attribute(attribute:"vuln_publication_date", value:"2020/03/11");
script_set_attribute(attribute:"patch_publication_date", value:"2020/03/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/08/02");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:moxa:mb3170_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:moxa:mb3180_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:moxa:mb3270_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:moxa:mb3280_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:moxa:mb3480_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:moxa:mb3660_firmware");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Moxa");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Moxa');
var asset = tenable_ot::assets::get(vendor:'Moxa');
var vuln_cpes = {
"cpe:/o:moxa:mb3170_firmware" :
{"versionEndIncluding" : "4.0", "family" : "MoxaMGate"},
"cpe:/o:moxa:mb3270_firmware" :
{"versionEndIncluding" : "4.0", "family" : "MoxaMGate"},
"cpe:/o:moxa:mb3180_firmware" :
{"versionEndIncluding" : "2.0", "family" : "MoxaMGate"},
"cpe:/o:moxa:mb3280_firmware" :
{"versionEndIncluding" : "3.0", "family" : "MoxaMGate"},
"cpe:/o:moxa:mb3480_firmware" :
{"versionEndIncluding" : "3.0", "family" : "MoxaMGate"},
"cpe:/o:moxa:mb3660_firmware" :
{"versionEndIncluding" : "2.2", "family" : "MoxaMGate"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
Vendor | Product | Version | CPE |
---|---|---|---|
moxa | mb3170_firmware | cpe:/o:moxa:mb3170_firmware | |
moxa | mb3180_firmware | cpe:/o:moxa:mb3180_firmware | |
moxa | mb3270_firmware | cpe:/o:moxa:mb3270_firmware | |
moxa | mb3280_firmware | cpe:/o:moxa:mb3280_firmware | |
moxa | mb3480_firmware | cpe:/o:moxa:mb3480_firmware | |
moxa | mb3660_firmware | cpe:/o:moxa:mb3660_firmware |
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
AI Score
Confidence
High
0.019 Low
EPSS
Percentile
88.5%