CVE-2022-27048

moderate-risk
Published 2022-04-15

A vulnerability has been discovered in Moxa MGate which allows an attacker to perform a man-in-the-middle (MITM) attack on the device. This affects MGate MB3170 Series Firmware Version 4.2 or lower. and MGate MB3270 Series Firmware Version 4.2 or lower. and MGate MB3280 Series Firmware Version 4.1 or lower. and MGate MB3480 Series Firmware Version 3.2 or lower.

Do I need to act?

-
0.31% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.4/10 High
NETWORK / HIGH complexity

Affected Products (20)

Mgate Mb3170I Firmware
Mgate Mb3170I-T Firmware
Mgate Mb3170-M-St Firmware
Mgate Mb3170-M-Sc-T Firmware
Mgate Mb3170 Firmware
Mgate Mb3170-T Firmware
Mgate Mb3170-M-Sc Firmware
Mgate Mb3170I-S-Sc Firmware
Mgate Mb3270I Firmware
Mgate Mb3270I-T Firmware
Mgate Mb3170I-M-Sc Firmware
Mgate Mb3170-S-Sc-T Firmware
Mgate Mb3170I-M-Sc-T Firmware
Mgate Mb3270 Firmware
Mgate Mb3270-T Firmware
Mgate Mb3170-S-Sc Firmware
Mgate Mb3170-M-St-T Firmware
Mgate Mb3170I-S-Sc-T Firmware
Mgate Mb3280 Firmware
Mgate Mb3480 Firmware

Affected Vendors

Moxa

References (2)

Vendor Advisory https://www.moxa.com/en/support/product-support/security-advisory/mgate-mb3170-m...
Vendor Advisory https://www.moxa.com/en/support/product-support/security-advisory/mgate-mb3170-m...
43
/ 100
moderate-risk
Severity 22/34 · High
Exploitability 1/34 · Minimal
Exposure 20/34 · Moderate