Moxa NPort serial device server vulnerabilities: global statistical report

On April 8, ICS-CERT issued ICS-ALERT-16-099-01. The report identified the following models and firmware versions:

  • Moxa NPort model 6110, firmware Version 1.13
  • Moxa NPort model 5110, firmware Version 2.5
  • Moxa NPort models 5130 and 5150, firmware Version 3.5
  • Moxa NPort models 6150, 6250, 6450, 6610, and 6650, with firmware Version 1.13

These versions contain the following security vulnerabilities:

  1. Retrieval of sensitive account information without authentication
  2. Unauthenticated remote firmware update
  3. Buffer overflow
  4. XSS
  5. CSRF

These issues were found by Digital Bond Labs in its Basecamp for Serial Converters research project. Separately, on March 15 this year, Rapid7's blog described the Moxa NPort null-credentials problem and reported more than 2200 devices reachable from the Internet, 46% of which had no password protection.

A serial device server is a serial-to-Ethernet device: it converts an RS-232/485/422 serial interface to a TCP/IP network interface. Serial device servers transfer data using a client/server model and are widely used in the data acquisition links of SCADA systems, where they solve the problem of communication between serial and Ethernet. Moxa NPort is a family of serial device servers that is widely used both domestically and globally.

Internet-wide distribution of Moxa NPort devices

We used the NPort UDP protocol of the Moxa NPort series of serial device servers to scan the whole Internet for Moxa devices.

Our first whole-network scan for NPort devices was in mid-April 2015. The latest data from our whole-network scan nodes shows that more than 8900 NPort devices of different types are connected to the public network. By country, the countries with the most Internet-connected NPort devices are Russia and Taiwan, where Moxa is headquartered.
