Vulnerability Description
A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application allows a cookie parameter to consist of only digits, allowing an attacker to perform a brute force attack bypassing authentication and gaining access to device functions.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moxa | Oncell G3110-Hspa Firmware | <= 1.4 |
| Moxa | Oncell G3110-Hspa | - |
| Moxa | Oncell G3110-Hspa-T Firmware | <= 1.4 |
| Moxa | Oncell G3110-Hspa-T | - |
| Moxa | Oncell G3150-Hspa Firmware | <= 1.4 |
| Moxa | Oncell G3150-Hspa | - |
| Moxa | Oncell G3150-Hspa-T Firmware | <= 1.4 |
| Moxa | Oncell G3150-Hspa-T | - |
Related Weaknesses (CWE)
References
- https://ics-cert.us-cert.gov/advisories/ICSA-18-060-02PatchThird Party AdvisoryUS Government Resource
- https://ics-cert.us-cert.gov/advisories/ICSA-18-060-02PatchThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2018-5455?
CVE-2018-5455 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application allows a cookie parameter to...
How severe is CVE-2018-5455?
CVE-2018-5455 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-5455?
Check the references section above for vendor advisories and patch information. Affected products include: Moxa Oncell G3110-Hspa Firmware, Moxa Oncell G3110-Hspa, Moxa Oncell G3110-Hspa-T Firmware, Moxa Oncell G3110-Hspa-T, Moxa Oncell G3150-Hspa Firmware.