Moxa MB3xxx Series Protocol Gateways (ICSA-20-056-01) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on stack-based buffer overflow, integer overflow to buffer overflow, cross-site request forgery, use of a broken or risky cryptographic algorithm, information exposure, cleartext transmission of sensitive information, weak password requirements, cleartext storage of sensitive information, and incorrectly specified destination in a communication channel vulnerabilities in Moxa MB3170 series, MB3180 series, MB3270 series, MB3280 series, MB3480 series, and MB3660 series. Multiple versions of these products are affected. Successful exploitation of these vulnerabilities could crash the device, cause a buffer overflow, allow remote execution of arbitrary code, or allow access to sensitive information. Moxa has developed solutions to address the vulnerabilities. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.