CVE-2018-5455 – This vulnerability allows attackers to bypass a... (How to Fix)

Q: What is the severity of CVE-2018-5455?

CVE-2018-5455 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows attackers to bypass authentication on Moxa OnCell G3100-HSPA Series cellular gateways by brute-forcing numeric-only cookie values. Attackers can gain unauthorized access to device functions and potentially control industrial equipment. Organizations using affected versions of these industrial cellular gateways are at risk.

📋 TL;DR

This vulnerability allows attackers to bypass authentication on Moxa OnCell G3100-HSPA Series cellular gateways by brute-forcing numeric-only cookie values. Attackers can gain unauthorized access to device functions and potentially control industrial equipment. Organizations using affected versions of these industrial cellular gateways are at risk.

💻 Affected Systems

Products:

Moxa OnCell G3100-HSPA Series

Versions: Version 1.4 Build 16062919 and prior

Operating Systems: Embedded firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the web management interface authentication mechanism. Devices with default configurations are vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device takeover allowing attackers to manipulate industrial control systems, disrupt operations, or use the device as an entry point into industrial networks.

🟠

Likely Case

Unauthorized access to device configuration and management functions, potentially enabling network reconnaissance or device manipulation.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls, though authentication bypass remains possible.

🌐 Internet-Facing: HIGH - These cellular gateways are often deployed with internet connectivity, making them directly accessible to attackers.

🏢 Internal Only: MEDIUM - Even internally, attackers with network access could exploit this vulnerability to gain unauthorized device access.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

The vulnerability is simple to exploit using automated tools to brute-force numeric cookie values. No authentication required to attempt exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 1.5 or later

Vendor Advisory: https://www.moxa.com/en/support/product-support/security-advisory/oncell-g3100-hspa-series-vulnerabilities

Restart Required: Yes

Instructions:

1. Download firmware version 1.5 or later from Moxa website. 2. Log into device web interface. 3. Navigate to Maintenance > Firmware Upgrade. 4. Upload new firmware file. 5. Wait for upgrade to complete and device to reboot.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate affected devices in separate network segments with strict firewall rules

Access Control Lists

all

Restrict access to device management interfaces to authorized IP addresses only

🧯 If You Can't Patch

Implement strict network segmentation to isolate affected devices from critical systems
Deploy network-based intrusion detection to monitor for authentication bypass attempts

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via web interface: System > System Information > Firmware Version

Check Version:

Not applicable - check via web interface or serial console

Verify Fix Applied:

Verify firmware version is 1.5 or later and test authentication with invalid credentials

📡 Detection & Monitoring

Log Indicators:

Multiple failed authentication attempts followed by successful login
Unusual source IP addresses accessing device management interface

Network Indicators:

HTTP requests with numeric-only cookie values
Rapid authentication attempts to device web interface

SIEM Query:

source_ip=* AND (http_cookie=~"^[0-9]+$" OR (http_status=200 AND http_method=POST AND http_uri="/login.cgi"))

📊 Metadata

CVE ID: CVE-2018-5455

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-565

Published: March 5, 2018

Last Updated: November 21, 2024

🔗 References

https://ics-cert.us-cert.gov/advisories/ICSA-18-060-02 Patch,Third Party Advisory,US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-18-060-02 Patch,Third Party Advisory,US Government Resource

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2018-5455, you might also want to check these: