A researcher has discovered a couple of critical and medium severity vulnerabilities affecting various industrial ethernet products from Taiwan-based industrial networking, computing and automation solutions provider Moxa.
According to an advisory published recently by ICS-CERT, Moxa’s OnCell industrial LTE cellular gateways, AWK wireless AP/bridge/client products, WAC wireless access controllers, and TAP railway wireless units have improper authentication and OS command execution vulnerabilities. The issues were reported to Moxa, through ICS-CERT, by researcher Maxim Rupp.
The more serious of the issues, tracked as CVE-2016-8363 and assigned a CVSS score of 9.1, allows a malicious user to execute arbitrary OS commands on the affected server.
Rupp told SecurityWeek that the impacted products include a function designed for identifying other devices on the network. An authenticated attacker can abuse this functionality via a specific system operator followed by any OS command. The expert believes the vendor did not expect this functionality to be abused in such a manner.
The second flaw, identified as CVE-2016-8362, allows a user to download log files by accessing specific URLs.
The flaws can be exploited remotely even by an attacker with low skill and Rupp warned that there are more than 100 vulnerable devices accessible from the Internet.
Firmware updates that patch these vulnerabilities were released by Moxa on November 1 for OnCell G3470A-LTE and AWK-1131A/3131A/4131A products. Firmware updates for some of the other devices are expected to become available in May and June 2017. Moxa has informed customers that some AWK products and the affected TAP device model are no longer supported and will not receive any updates.
Rupp has identified more than a dozen vulnerabilities in Moxa products over the past months, including in routers, serial device servers and cellular IP gateways. Others identified serious flaws in Moxa’s factory automation products and MiiNePort embedded serial-to-Ethernet device server modules.
Related Reading: ICS Networks at Risk Due to Flaw in Schneider PLC Simulator
Related Reading: Flaw in Schneider Industrial Firewalls Allows Remote Code Execution
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021
- Vulnerabilities in Honda eCommerce Platform Exposed Customer, Dealer Data
- Barracuda Urges Customers to Replace Hacked Email Security Appliances
- Google Patches Third Chrome Zero-Day of 2023
- ChatGPT Hallucinations Can Be Exploited to Distribute Malicious Code Packages
- AntChain, Intel Create New Privacy-Preserving Computing Platform for AI Training
- Several Major Organizations Confirm Being Impacted by MOVEit Attack
- Verizon 2023 DBIR: Human Error Involved in Many Breaches, Ransomware Cost Surges
Latest News
- Blackpoint Raises $190 Million to Help MSPs Combat Cyber Threats
- Google Introduces SAIF, a Framework for Secure AI Development and Use
- ‘Asylum Ambuscade’ Group Hit Thousands in Cybercrime, Espionage Campaigns
- Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021
- SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint
- Google Cloud Now Offering $1 Million Cryptomining Protection
- Democrats and Republicans Are Skeptical of US Spying Practices, an AP-NORC Poll Finds
- Consolidate Vendors and Products for Better Security
