CVE-2022-27048

EUVD-2022-31588
A vulnerability has been discovered in Moxa MGate which allows an attacker to perform a man-in-the-middle (MITM) attack on the device. This affects MGate MB3170 Series Firmware Version 4.2 or lower. and MGate MB3270 Series Firmware Version 4.2 or lower. and MGate MB3280 Series Firmware Version 4.1 or lower. and MGate MB3480 Series Firmware Version 3.2 or lower.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.4 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
Affected Products (NVD)
VendorProductVersion
moxamgate_mb3170i_firmware
𝑥
≤ 4.2
moxamgate_mb3170i-t_firmware
𝑥
≤ 4.2
moxamgate_mb3170-m-st_firmware
𝑥
≤ 4.2
moxamgate_mb3170-m-sc-t_firmware
𝑥
≤ 4.2
moxamgate_mb3170_firmware
𝑥
≤ 4.2
moxamgate_mb3170-t_firmware
𝑥
≤ 4.2
moxamgate_mb3170-m-sc_firmware
𝑥
≤ 4.2
moxamgate_mb3170i-s-sc_firmware
𝑥
≤ 4.2
moxamgate_mb3270i_firmware
𝑥
≤ 4.2
moxamgate_mb3270i-t_firmware
𝑥
≤ 4.2
moxamgate_mb3170i-m-sc_firmware
𝑥
≤ 4.2
moxamgate_mb3170-s-sc-t_firmware
𝑥
≤ 4.2
moxamgate_mb3170i-m-sc-t_firmware
𝑥
≤ 4.2
moxamgate_mb3270_firmware
𝑥
≤ 4.2
moxamgate_mb3270-t_firmware
𝑥
≤ 4.2
moxamgate_mb3170-s-sc_firmware
𝑥
≤ 4.2
moxamgate_mb3170-m-st-t_firmware
𝑥
≤ 4.2
moxamgate_mb3170i-s-sc-t_firmware
𝑥
≤ 4.2
moxamgate_mb3280_firmware
𝑥
≤ 4.1
moxamgate_mb3480_firmware
𝑥
≤ 3.2
𝑥
= Vulnerable software versions
References
https://www.moxa.com/en/support/product-support/security-advisory/mgate-mb3170-mb3270-mb3280-mb3480-protocol-gateways-vulnerability
https://www.moxa.com/en/support/product-support/security-advisory/mgate-mb3170-mb3270-mb3280-mb3480-protocol-gateways-vulnerability