Product support

Security Advisories

SUMMARY

MGate MB3000 Series, MGate 5100 Series, and MGate W5000 Series Protocol Gateway Vulnerabilities

  • Version: V1.0
  • Release Date: Jun 01, 2016
  • Reference:
    • CVE-2016-5804

A product vulnerability was identified in Moxa’s MGate MB3000 Series, MGate 5100 Series, and MGate W5000 Series Protocol Gateway. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item Vulnerability Type Impact
1 Authorization bypass (CWE-287), CVE-2016-5804 An attacker could use brute force to find a static Call ID from a cookie and bypass the authentication.
AFFECTED PRODUCTS AND SOLUTIONS

Affected Products:

The affected products and firmware versions are shown below.

Product Series Affected Versions
MGate MB3170/MB3270 Series Firmware Version 2.4 or lower
MGate MB3180 Series Firmware Version 1.7 or lower
MGate MB3280 Series Firmware Version 2.6 or lower
MGate MB3480 Series Firmware Version 2.6 or lower
MGate MB3660 Series Firmware Version 2.1 or lower
MGate 5101-PBM-MN Firmware Version 1.2 or lower
MGate 5102-PBM-PN Firmware Version 1.2 or lower
MGate W5108/W5208 Firmware Version 1.2 or lower

 

Solutions:

Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.

Product Series Solutions
MGate MB3170/MB3270 Series Please download the new firmware here.
MGate MB3180 Series Please download the new firmware here.
MGate MB3280 Series Please download the new firmware here.
MGate MB3480 Series Please download the new firmware here.
MGate MB3660 Series Please download the new firmware here.
MGate 5101-PBM-MN Please download the new firmware here.
MGate 5102-PBM-PN Please download the new firmware here.
MGate W5108/W5208 Please download the new firmware here.

 

Revision History:

 

VERSION DESCRIPTION RELEASE DATE
1.0 First Release Jun 01, 2016

Relevant Products

MGate 5101-PBM-MN Series · MGate 5102-PBM-PN Series · MGate MB3170/MB3270 Series · MGate MB3180/MB3280/MB3480 Series · MGate MB3660 Series · MGate W5108/W5208 Series ·

  •   Print this page
  • You can manage and share your saved list in My Moxa
Let’s get that fixed

If you are concerned about a potential cybersecurity vulnerability, please contact us and one of technical support staff will get in touch with you.

Report a Vulnerability
Added To Bag
Feedback