Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Flaws Allow Remote Hacking of Moxa MiiNePort Devices

Flaws affecting Moxa’s MiiNePort embedded serial device servers can be exploited remotely to gain control of vulnerable systems. The vendor has released firmware updates to address the security holes.

Flaws affecting Moxa’s MiiNePort embedded serial device servers can be exploited remotely to gain control of vulnerable systems. The vendor has released firmware updates to address the security holes.

ICS-CERT informed organizations last week that MiiNePort E1, E2 and E3 devices are affected by two vulnerabilities. One of them, tracked as CVE-2016-9344, can be exploited to brute-force an active session cookie and download a device’s configuration file.

The second weakness, tracked as CVE-2016-9346, refers to the fact that the configuration data is stored in a file without being encrypted.

SAVE THE DATE: ICS Cyber Security Conference | Singapore – April 25-27, 2017

Aditya K. Sood, the researcher who discovered the vulnerabilities, told SecurityWeek that the exposed configuration files contain sensitive information, including the administrator password, which could allow an attacker to gain unrestricted privileges and access to the device.

According to the researcher, CVE-2016-9344 allows an attacker to download the configuration file remotely from the Internet if the targeted user has an active session on the device.

“The Moxa device emits ‘Server: MoxaHttp/’ on TCP port 80 or any other web port. A simple web scanner with filtering of these headers can help detect systems on the web,” Sood explained.

While the researcher has not conducted any mass Internet scans, he did identify a few hundred externally-accessible devices using the Shodan search engine. Other vulnerable devices are likely not exposed to the Internet, requiring the attacker to have network access.

Advertisement. Scroll to continue reading.

Moxa patched the vulnerabilities with the release of firmware versions 1.8 (MiiNePort E1), 1.4 (MiiNePort E2) and 1.1 (MiiNePort E3) nearly five months after learning of their existence.

Sood has released proof-of-concept (PoC) exploits and a video showing how the attack works:

Related: Moxa, Vanderbilt Surveillance Products Affected by Serious Flaws

Related: Eight Vulnerabilities Found in Moxa NPort Devices

Related: Flaws Found in Moxa Industrial Ethernet Products

Related: Flaws Found in Moxa Factory Automation Products

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Raffi Joukhadarian has been named Managing Director and Chief Financial Officer at MorganFranklin Cyber.

Data security firm Rubrik has appointed Kavitha Mariappan as its Chief Transformation Officer.

DARPA veteran Dan Kaufman has joined Badge as SVP, AI and Cybersecurity.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.