CVE-2023-6094
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
A vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. The vulnerability results from lack of protection for sensitive information during transmission. An attacker eavesdropping on the traffic between the web browser and server may obtain sensitive information. This type of attack could be executed to gather sensitive information or to facilitate a subsequent attack against the target.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Moxa | OnCell G3150A-LTE Series | 1.0 <= 1.3 | affected |
Weaknesses
- CWE-319: CWE-319: Cleartext Transmission of Sensitive Information
Workarounds
Since Oncell G3150A-LTE has been phased out, we don’t have any plans to address CVE 2023-6093 and CVE-2023-6094. We recommend that users follow the mitigation measures below to deploy the product in an appropriate product security context.
Moxa recommends users to implement the following mitigations if necessary:
Reduce network exposure by ensuring that all control system devices and systems are not accessible from the Internet.
Place control system networks and remote devices behind firewalls, isolating them from business networks.
When remote access is necessary, employ secure methods such as Virtual Private Networks (VPNs). It is important to note that VPNs may have vulnerabilities and should be kept up to date with the latest available version. Remember that the security of a VPN depends on the security of its connected devices.
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.