A researcher has discovered a couple of critical and medium severity vulnerabilities affecting various industrial ethernet products from Taiwan-based industrial networking, computing and automation solutions provider Moxa.
According to an advisory published recently by ICS-CERT, Moxa’s OnCell industrial LTE cellular gateways, AWK wireless AP/bridge/client products, WAC wireless access controllers, and TAP railway wireless units have improper authentication and OS command execution vulnerabilities. The issues were reported to Moxa, through ICS-CERT, by researcher Maxim Rupp.
The more serious of the issues, tracked as CVE-2016-8363 and assigned a CVSS score of 9.1, allows a malicious user to execute arbitrary OS commands on the affected server.
Rupp told SecurityWeek that the impacted products include a function designed for identifying other devices on the network. An authenticated attacker can abuse this functionality via a specific system operator followed by any OS command. The expert believes the vendor did not expect this functionality to be abused in such a manner.
The second flaw, identified as CVE-2016-8362, allows a user to download log files by accessing specific URLs.
The flaws can be exploited remotely even by an attacker with low skill and Rupp warned that there are more than 100 vulnerable devices accessible from the Internet.
Firmware updates that patch these vulnerabilities were released by Moxa on November 1 for OnCell G3470A-LTE and AWK-1131A/3131A/4131A products. Firmware updates for some of the other devices are expected to become available in May and June 2017. Moxa has informed customers that some AWK products and the affected TAP device model are no longer supported and will not receive any updates.
Rupp has identified more than a dozen vulnerabilities in Moxa products over the past months, including in routers, serial device servers and cellular IP gateways. Others identified serious flaws in Moxa’s factory automation products and MiiNePort embedded serial-to-Ethernet device server modules.
Related Reading: ICS Networks at Risk Due to Flaw in Schneider PLC Simulator
Related Reading: Flaw in Schneider Industrial Firewalls Allows Remote Code Execution
