A vulnerability classified as problematic has been found in Moxa MGate MB3170, MGate MB3270, MGate MB3280, MGate MB3480, MGate MB3660 and MGate MB3180 (Automation Software). This affects some unknown functionality. The manipulation with an unknown input leads to a memory allocation vulnerability. CWE is classifying the issue as CWE-789. The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated. This is going to have an impact on availability. The summary by CVE is:

An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A high rate of transit traffic may cause a low-memory condition and a denial of service.

The weakness was published 03/11/2020 (Website). It is possible to read the advisory at moxa.com. This vulnerability is uniquely identified as CVE-2019-9097 since 02/24/2019. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. The technical details are unknown and an exploit is not publicly available.

Upgrading eliminates this vulnerability.

Similar entries are available at VDB-151333, VDB-151334, VDB-151336 and VDB-151337. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Type

• Automation Software

Vendor

• Moxa

Name

• MGate MB3170
• MGate MB3180
• MGate MB3270
• MGate MB3280
• MGate MB3480
• MGate MB3660

License

• commercial

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion