Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Flaws Allow Remote Hacking of Moxa MiiNePort Devices

Flaws affecting Moxa’s MiiNePort embedded serial device servers can be exploited remotely to gain control of vulnerable systems. The vendor has released firmware updates to address the security holes.

Flaws affecting Moxa’s MiiNePort embedded serial device servers can be exploited remotely to gain control of vulnerable systems. The vendor has released firmware updates to address the security holes.

ICS-CERT informed organizations last week that MiiNePort E1, E2 and E3 devices are affected by two vulnerabilities. One of them, tracked as CVE-2016-9344, can be exploited to brute-force an active session cookie and download a device’s configuration file.

The second weakness, tracked as CVE-2016-9346, refers to the fact that the configuration data is stored in a file without being encrypted.

SAVE THE DATE: ICS Cyber Security Conference | Singapore – April 25-27, 2017

Aditya K. Sood, the researcher who discovered the vulnerabilities, told SecurityWeek that the exposed configuration files contain sensitive information, including the administrator password, which could allow an attacker to gain unrestricted privileges and access to the device.

According to the researcher, CVE-2016-9344 allows an attacker to download the configuration file remotely from the Internet if the targeted user has an active session on the device.

“The Moxa device emits ‘Server: MoxaHttp/’ on TCP port 80 or any other web port. A simple web scanner with filtering of these headers can help detect systems on the web,” Sood explained.

While the researcher has not conducted any mass Internet scans, he did identify a few hundred externally-accessible devices using the Shodan search engine. Other vulnerable devices are likely not exposed to the Internet, requiring the attacker to have network access.

Advertisement. Scroll to continue reading.

Moxa patched the vulnerabilities with the release of firmware versions 1.8 (MiiNePort E1), 1.4 (MiiNePort E2) and 1.1 (MiiNePort E3) nearly five months after learning of their existence.

Sood has released proof-of-concept (PoC) exploits and a video showing how the attack works:

Related: Moxa, Vanderbilt Surveillance Products Affected by Serious Flaws

Related: Eight Vulnerabilities Found in Moxa NPort Devices

Related: Flaws Found in Moxa Industrial Ethernet Products

Related: Flaws Found in Moxa Factory Automation Products

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.