
CERT Coordination Center

MOXA Device Manager MDM Tool buffer overflow

Vulnerability Note VU#237495

Original Release Date: 2011-02-03 | Last Revised: 2011-02-03

Overview

The MOXA Device Manager MDM Tool contains a stack-based buffer overflow.

Description

The MOXA Device Manager consists of an MDM Tool, which allows local users to connect to a remote MDM Gateway to monitor and manage embedded computers installed with MDM Agent software. MOXA Device Manager contains a stack-based buffer overflow vulnerability caused by the use of the strcpy function in the MDM Tool software component.

For additional information see ICSA-10-301-01A.
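The note names strcpy as the cause but shows no source. As an added illustration (not MOXA's code and not part of the original note), the C below contrasts the unbounded strcpy pattern with a length-checked copy of a received field; the buffer size, function names and sample inputs are all assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 32  /* hypothetical size of the fixed stack buffer */

/* Vulnerable pattern: strcpy copies until it finds a NUL and never looks
 * at the size of dst. Shown for contrast only; it is not called below. */
void copy_name_unsafe(char *dst, const char *received)
{
    strcpy(dst, received);
}

/* Hardened form: 'received' is a field of 'received_len' bytes taken from
 * a network message. It is not trusted to be short or NUL-terminated.
 * Returns 0 on success, -1 if the field is rejected. */
int copy_name_checked(char *dst, size_t dst_size,
                      const unsigned char *received, size_t received_len)
{
    if (dst == NULL || received == NULL || dst_size == 0)
        return -1;

    /* Length of the string inside the field, bounded by the field itself. */
    const unsigned char *nul = memchr(received, '\0', received_len);
    size_t len = nul ? (size_t)(nul - received) : received_len;

    /* Reject rather than truncate: a truncated name is a different name. */
    if (len >= dst_size) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, received, len);
    dst[len] = '\0';
    return 0;
}

int main(void)
{
    char name[NAME_MAX_LEN];
    unsigned char oversized[200];            /* constructed sample input */
    memset(oversized, 'A', sizeof oversized);

    printf("short field:     %d\n", copy_name_checked(name, sizeof name,
           (const unsigned char *)"gateway-01", 10));
    printf("oversized field: %d\n", copy_name_checked(name, sizeof name,
           oversized, sizeof oversized));
    return 0;
}
```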

Impact

An attacker can cause the device to crash and may be able to execute arbitrary code.

Solution

Upgrade

According to MOXA's release notes, MDM Tool 2.3 addresses this vulnerability: "Avoid buffer overflow for MDM Tool while receiving hacking data."

Vendor Information


Moxa Inc Affected

Updated:  February 03, 2011

Status

Affected

Vendor Statement

According to MOXA's release notes, MDM Tool 2.3 addresses this vulnerability: "Avoid buffer overflow for MDM Tool while receiving hacking data."

Vendor Information

We are not aware of further vendor information regarding this vulnerability.


CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

This vulnerability was publicly disclosed by Rubén Santamarta.

This document was written by Michael Orlando.

Other Information

CVE IDs: None
Severity Metric: 1.76
Date Public: 2010-10-20
Date First Published: 2011-02-03
Date Last Updated: 2011-02-03 18:09 UTC
Document Revision: 20

Sponsored by CISA.