Connect with us

Hi, what are you looking for?



Flaws Found in Moxa Factory Automation Products

Applied Risk, a company that specializes in protecting industrial control systems (ICS), published an advisory this week describing several vulnerabilities found in one of Moxa’s factory automation products.

Applied Risk, a company that specializes in protecting industrial control systems (ICS), published an advisory this week describing several vulnerabilities found in one of Moxa’s factory automation products.

The security firm’s researchers have identified various types of flaws in the web interface of Moxa’s ioLogik Ethernet I/O products, which are used in oil and gas, manufacturing, nuclear, and water plants.

The most serious of the vulnerabilities are related to password management. Experts discovered that an MD5 hash of the password used for authentication is sent to the server in a GET request. Since the information is transmitted over HTTP instead of HTTPS, a man-in-the-middle (MitM) attacker can easily obtain and crack the password.

Another problem is that the system automatically truncates passwords to 8 characters, which are also used to generate the MD5 hash included in the GET request. Experts have often warned that limiting the length of passwords is a poor security practice.ICS Cyber Security Conference

Researchers also discovered that the administration interface lacks cross-site request forgery (CSRF) protection, allowing an attacker to modify parameters and settings, restart the device, or restore it to factory settings.

Applied Risk also reported finding a persistent cross-site scripting (XSS) flaw that can be used to execute arbitrary code in the context of the web browser when the affected page is accessed.

Alexandru Ariciu, ICS security researcher at Applied Risk, told SecurityWeek that these vulnerabilities allow an attacker to take complete control of the affected device.

“The discovered vulnerabilities can be exploited remotely, but there are some prerequisites to be met. Being in the same network as the devices would make exploitation trivial but it’s not much harder to exploit the vulnerabilities remotely,” Ariciu explained. “It depends on the type of access the attacker has – normally the entry point in a network is not the device that sits in the field.”

Applied Risk confirmed the vulnerabilities on an ioLogik E1242 device running version 2.3 of the firmware. The issues were reported to Moxa on May 26 and they were addressed in ioLogik E1242 on September 30 with the release of firmware version 2.5. The vendor said it added XSS and CSRF protection, it switched from GET to POST for transmitting the password, and increased the password length from 8 to 16 characters.

Advertisement. Scroll to continue reading.

ICS-CERT has yet to release an advisory describing these vulnerabilities. In the past months, the organization disclosed security holes affecting several Moxa products, including serial device servers, cellular IP gateways and surveillance systems.

Related: Learn More at the ICS Cyber Security Conference

Related: Unpatched Flaws Plague Moxa Connectivity Products

Related: Serious Vulnerabilities Found in Moxa Industrial Secure Routers

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content


The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...


Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.


Energy giants Schneider Electric and Siemens Energy confirm being targeted by the Cl0p ransomware group in the campaign exploiting a MOVEit zero-day.


Wago has patched critical vulnerabilities that can allow hackers to take complete control of its programmable logic controllers (PLCs).


Mandiant's Chief analyst urges critical infrastructure defenders to work on finding and removing traces of Volt Typhoon, a Chinese government-backed hacking team caught in...


Municipal Water Authority of Aliquippa in Pennsylvania confirms that hackers took control of a booster station, but says no risk to drinking water or...