Eight Vulnerabilities Found in Moxa NPort Devices

Security researchers have discovered a total of eight vulnerabilities in NPort serial device servers produced by Taiwan-based industrial automation solutions provider Moxa, ICS-CERT reported on Thursday.

The flaws discovered by Reid Wightman, Mikael Vingaard and Maxim Rupp affect more than a dozen NPort models.

Three of the security holes have a CVSS score of 9.8, which puts them in the critical severity category. They can be exploited to retrieve an administrator password without authentication; to update the device’s firmware over the network without authentication and potentially achieve code execution; and to bypass authentication using brute force.

The high-severity vulnerabilities can be exploited to remotely execute arbitrary code, to launch cross-site request forgery (CSRF) attacks, and to cause a denial-of-service (DoS) condition. The remaining flaws are medium-severity cross-site scripting (XSS) and plaintext password storage issues.

Moxa has released firmware updates for most of the affected NPort devices, except for one model that was discontinued in 2008. The company has advised customers to install the updates.

Vulnerabilities in Siemens, Mitsubishi Electric and Advantech Products

ICS-CERT also published three other advisories describing vulnerabilities affecting products from Siemens, Mitsubishi Electric and Advantech.

Researchers from Russia-based security companies Positive Technologies and Kaspersky Lab discovered that Siemens’ SICAM PAS energy automation software has two high-severity and two critical flaws.

The critical weaknesses can be leveraged by an attacker on the network to obtain privileged access to the product’s database using a hardcoded password, and to cause a DoS condition and possibly execute arbitrary code. The other flaws can be used by a local attacker to recover the database password, and by a network attacker to download, upload or delete files in certain parts of the system.

Siemens released SICAM PAS 8.00 to address the password-related issues. The other security holes require access to certain ports, which organizations should block at their firewall until a patch is made available. ICS-CERT’s advisory seems to contain some inaccuracies, but Siemens has published an advisory of its own.

Kaspersky researchers also identified a couple of high-severity flaws in Mitsubishi Electric’s MELSEC-Q programmable logic controllers (PLCs). The vulnerabilities affect QJ71E71 Ethernet interface modules and are related to weak encryption and improperly restricted remote access functionality.

Andrea Micalizzi, known online as “rgod,” discovered high-severity information disclosure, path traversal and privilege escalation issues in Advantech’s SUSIAccess product, which is designed for building custom intelligent systems. The vendor has replaced SUSIAccess with the WISE-PaaS integrated IoT platform software services and customers have been advised to migrate to the new product.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
