Moxa Serial Device Servers Active Debug Code Vulnerability

A vulnerability exists in Moxa's NPort 5000 Series, including various sub-series, where active debug code is unintentionally left enabled in the UART interface. This flaw allows an attacker with physical access to the device to connect directly to the UART interface and, without needing authentication or user interaction, access internal debug functionalities. The exploitation of this vulnerability is considered low complexity but enables the execution of privileged operations and access to sensitive system resources. As a result, it poses a high risk to the device's overall functionality and security. However, no adverse effects on external or dependent systems have been reported.

Impact

Exploitation of this vulnerability allows unauthorized access to internal debug functions, execution of privileged operations, and access to sensitive system resources on the affected device. This could lead to significant disruptions or unauthorized changes in the device's operation.

Remediation

To address this vulnerability, it is recommended to ensure that physical access to the NPort devices is restricted to authorized personnel only. This can significantly reduce the risk of local cyberattacks. For more detailed guidance, refer to the 'Security Hardening Guide for NPort 5000 Series (v2.4 or later)'. Additionally, consult the 'General Security Recommendations' section to further enhance security.