Rewterz Threat Alert – WinPot Malware Turns ATM into a Slot Machine
February 25, 2020
Rewterz Threat Advisory – ICS: Moxa MB3xxx Series Protocol Gateways
February 26, 2020
Severity
High
Analysis Summary
CVE-2020-7007
An attacker may execute arbitrary code or target the device, causing it to go out of service.
CVE-2020-7001
The affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed.
CVE-2020-6979
The affected products use a hard-coded cryptographic key, increasing the possibility that confidential data can be recovered.
CVE-2020-6981
An attacker may gain access to the system without proper authentication.
CVE-2020-6989
Some of the parameters on the settings pages do not ensure that input text is the correct size for its buffer.
CVE-2020-6997
Sensitive information is transmitted over some web applications in cleartext.
CVE-2020-6991
Weak password requirements may allow an attacker to gain access using brute force.
Impact
- Device crash
- Execution of arbitrary code
- Access to sensitive information
Affected Vendors
Moxa
Affected Products
- EDS-G516E Series firmware Version 5.2 or lower
- EDS-510E Series firmware Version 5.2 or lower
Remediation
Upgrade to the latest available version.
- EDS-G516E Series: Download the new firmware.
- EDS-510E Series: Please contact Moxa Technical Support for assistance.