CVE-2022-27048

7.4 HIGH

📋 TL;DR

This vulnerability in Moxa MGate protocol gateways allows attackers to perform man-in-the-middle attacks by intercepting and potentially modifying communications between devices. It affects multiple MGate series with specific firmware versions, potentially compromising industrial control system integrity.

💻 Affected Systems

Products:
  • Moxa MGate MB3170 Series
  • Moxa MGate MB3270 Series
  • Moxa MGate MB3280 Series
  • Moxa MGate MB3480 Series
Versions: MB3170/MB3270: Firmware Version 4.2 or lower; MB3280: Firmware Version 4.1 or lower; MB3480: Firmware Version 3.2 or lower
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All affected devices running vulnerable firmware versions are susceptible regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of industrial control systems, unauthorized command execution, data manipulation, or disruption of critical infrastructure operations.

🟠 Likely Case

Interception of sensitive industrial data, unauthorized monitoring of communications, or injection of malicious commands into industrial networks.

🟢 If Mitigated

Limited impact with proper network segmentation, encrypted communications, and monitoring in place.

🌐 Internet-Facing: HIGH - If devices are exposed to the internet, attackers can easily intercept communications.
🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could still exploit this vulnerability within the network.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

MITM attacks require network positioning but no authentication to the device itself.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: MB3170/MB3270: Firmware Version 4.3 or higher; MB3280: Firmware Version 4.2 or higher; MB3480: Firmware Version 3.3 or higher

Vendor Advisory: https://www.moxa.com/en/support/product-support/security-advisory/mgate-mb3170-mb3270-mb3280-mb3480-protocol-gateways-vulnerability

Restart Required: Yes

Instructions:

1. Download the latest firmware from the Moxa website.
2. Back up the current configuration.
3. Upload the new firmware via the web interface or CLI.
4. Reboot the device.
5. Restore the configuration if needed.

🔧 Temporary Workarounds

Network Segmentation

Isolate MGate devices in separate VLANs with strict firewall rules to limit MITM opportunities.

Encrypted Communications

Implement TLS/SSL or other encryption protocols for all communications passing through MGate devices.

🧯 If You Can't Patch

  • Implement strict network segmentation and access controls
  • Deploy network monitoring and intrusion detection systems

🔍 How to Verify

Check if Vulnerable:

Check firmware version via web interface (System > System Information) or CLI command 'show version'

Check Version:

show version

Verify Fix Applied:

Verify firmware version is updated to patched versions: MB3170/MB3270 ≥4.3, MB3280 ≥4.2, MB3480 ≥3.3
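
For fleets with more than a handful of gateways, the version check above can be run over an asset inventory. The script below is an added example, not code from Moxa or from this advisory; the inventory layout (hostname, model, firmware string), the firmware string formats and the hostnames are assumptions, and the sample data is constructed.

```python
import re

# First fixed firmware version per series, taken from the "Patch Version" line above.
FIXED = {
    "MB3170": (4, 3),
    "MB3270": (4, 3),
    "MB3280": (4, 2),
    "MB3480": (3, 3),
}

# Constructed sample inventory; field layout and version formats are assumptions.
SAMPLE_INVENTORY = """\
gw-line1,MGate MB3170,4.2
gw-line2,MGate MB3170I-T,v4.3 Build 22010101
gw-pump1,MB3280,4.1
gw-pump2,MB3480,3.3
gw-lab,MGate MB3660,2.0
gw-old,MB3270,unknown
"""

def parse_version(text):
    """Return (major, minor) from strings like '4.2' or 'v4.3 Build ...', else None."""
    m = re.search(r"(\d+)\.(\d+)", text)
    return (int(m.group(1)), int(m.group(2))) if m else None

def classify(model, firmware):
    """Map one device to VULNERABLE, PATCHED, NOT_LISTED or UNKNOWN_VERSION."""
    m = re.search(r"MB3\d{3}", model.upper())
    series = m.group(0) if m else None
    if series not in FIXED:
        return "NOT_LISTED"          # series is not named in this advisory
    version = parse_version(firmware)
    if version is None:
        return "UNKNOWN_VERSION"     # unverified: check the device by hand
    return "PATCHED" if version >= FIXED[series] else "VULNERABLE"

def audit(inventory_text):
    """Return {hostname: status} for every non-empty inventory line."""
    results = {}
    for line in inventory_text.splitlines():
        if not line.strip():
            continue
        host, model, firmware = (f.strip() for f in line.split(",", 2))
        results[host] = classify(model, firmware)
    return results

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:10} {status}")
```

Devices reported as UNKNOWN_VERSION should be treated as unverified rather than patched until the firmware version is confirmed on the device.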

📡 Detection & Monitoring

Log Indicators:

  • Unexpected connection attempts
  • Protocol anomalies
  • Configuration changes

Network Indicators:

  • Unusual traffic patterns
  • Unexpected ARP or DNS responses
  • SSL/TLS certificate warnings

SIEM Query:

source="mgate" AND (event_type="connection_anomaly" OR event_type="protocol_violation")
