Security Advisory

Moxa NPort 6000 and RealCOM Encryption Weakness and Missing Authentication

PITM and Traffic Intercept; No Client Authentication

Risk Information

Limited Threat

CVE ID

CVE-2022-43993

CVE-2022-43994

Vunerability Type

PITM and Traffic Intercept

No Client Authentication

CVSS3 Score

7.5

9.8

CVSSv3 Vector

AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affecting

NPort 6000 Series: v2.2 and prior

Windows Driver Manager Series (Windows 7 to 10 and Windows Server 2008 R2 to 2019, WHQL certified): v3.4 and prior

Windows Driver Manager Series (Windows 11 and Server 2022 and later, WHQL certified): v4.0 and prior

Mitigation

Update to a patched version:
NPort 6000 Series: Contact Moxa Technical Support for a patch.
Windows Driver Manager Series (Windows 7 to 10 and Windows Server 2008 R2 to 2019, WHQL certified): v3.5 or later.
Windows Driver Manager Series (Windows 11 and Server 2022 and later, WHQL certified): v4.1 or later.

03/14/2023