Vulnerability Note VU#237495

MOXA Device Manager MDM Tool buffer overflow

Original Release date: 03 Feb 2011 | Last revised: 03 Feb 2011


The MOXA Device Manager MDM Tool contains a stack-based buffer overflow.


The MOXA Device Manager consists of an MDM Tool, which allows local users to connect to a remote MDM Gateway to monitor and manage embedded computers installed with MDM Agent software. MOXA Device Manager contains a stack-based buffer overflow vulnerability caused by the use of the strcpy function in the MDM Tool software component.

For additional information see ICSA-10-301-01A.


An attacker can cause the device to crash and may be able to execute arbitrary code.



According to MOXA's release notes for MDM Tool 2.3 addresses this vulnerability, "Avoid buffer overflow for MDM Tool while receiving hacking data."

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
Moxa IncAffected-03 Feb 2011
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A



This vulnerability was publicly disclosed by Rubén Santamarta.

This document was written by Michael Orlando.

Other Information

  • CVE IDs: Unknown
  • Date Public: 20 Oct 2010
  • Date First Published: 03 Feb 2011
  • Date Last Updated: 03 Feb 2011
  • Severity Metric: 1.76
  • Document Revision: 20


If you have feedback, comments, or additional information about this vulnerability, please send us email.