SecurityWeek

Cisco Finds Many Flaws in Moxa Industrial APs

Cisco’s Talos intelligence and research group has conducted a two-week analysis of an industrial wireless access point (AP) from Taiwan-based Moxa and discovered more than a dozen vulnerabilities, including ones that can be exploited to take full control of a device.

A blog post published by Talos on Monday describes the vulnerabilities found by researchers during their tests. All of the flaws have been addressed by Moxa, except for one critical weakness, whose details will not be disclosed until a patch becomes available.

Experts focused on Moxa’s AWK-3131A AP, which is recommended for any type of industrial wireless application.

On the first day of testing, researchers identified the services available on the BusyBox-powered device, including SSH (Dropbear), Telnet, HTTP and HTTPS. Talos said Moxa agreed to share the source code of its BusyBox implementation for proper analysis.

Researchers first identified some authentication issues that made it easy for attackers to launch dictionary attacks against the web interface’s login page, and flaws that allowed hackers to hijack user sessions.

On the third day of the investigation, researchers discovered many cross-site scripting (XSS) vulnerabilities in the front-end of the web interface. These flaws can be exploited to hijack user sessions and gain access to the web interface.

Once authenticated, attackers can exploit one of several command injection vulnerabilities to gain full control of the targeted AP.

Several of the security holes found by Talos can allow malicious actors to obtain potentially valuable information without any authentication, including passwords, firewall rules and network configuration data.

Experts have also uncovered a denial-of-service (DoS) vulnerability that can be exploited remotely to crash the web application.

On the last day of testing, researchers identified several cryptography-related issues. Specifically, they determined that the Moxa AP used an outdated version of OpenSSL (1.0.0d from 2011) and that it had been vulnerable to attacks such as POODLE and DROWN.

“Our research demonstrates how many vulnerabilities can be quickly discovered by analyzing a device,” Talos researchers said. “There is nothing to suggest that this device is more or less vulnerable than any other. Indeed, the vulnerabilities we discovered are exactly the types of vulnerabilities likely to be discovered on any ICS device.”

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
