Connect with us

Hi, what are you looking for?



Flaws Found in Moxa Industrial Ethernet Products

A researcher has discovered a couple of critical and medium severity vulnerabilities affecting various industrial ethernet products from Taiwan-based industrial networking, computing and automation solutions provider Moxa.

A researcher has discovered a couple of critical and medium severity vulnerabilities affecting various industrial ethernet products from Taiwan-based industrial networking, computing and automation solutions provider Moxa.

According to an advisory published recently by ICS-CERT, Moxa’s OnCell industrial LTE cellular gateways, AWK wireless AP/bridge/client products, WAC wireless access controllers, and TAP railway wireless units have improper authentication and OS command execution vulnerabilities. The issues were reported to Moxa, through ICS-CERT, by researcher Maxim Rupp.

The more serious of the issues, tracked as CVE-2016-8363 and assigned a CVSS score of 9.1, allows a malicious user to execute arbitrary OS commands on the affected server.

Rupp told SecurityWeek that the impacted products include a function designed for identifying other devices on the network. An authenticated attacker can abuse this functionality via a specific system operator followed by any OS command. The expert believes the vendor did not expect this functionality to be abused in such a manner.

The second flaw, identified as CVE-2016-8362, allows a user to download log files by accessing specific URLs.

The flaws can be exploited remotely even by an attacker with low skill and Rupp warned that there are more than 100 vulnerable devices accessible from the Internet.

Firmware updates that patch these vulnerabilities were released by Moxa on November 1 for OnCell G3470A-LTE and AWK-1131A/3131A/4131A products. Firmware updates for some of the other devices are expected to become available in May and June 2017. Moxa has informed customers that some AWK products and the affected TAP device model are no longer supported and will not receive any updates.

Advertisement. Scroll to continue reading.

Rupp has identified more than a dozen vulnerabilities in Moxa products over the past months, including in routers, serial device servers and cellular IP gateways. Others identified serious flaws in Moxa’s factory automation products and MiiNePort embedded serial-to-Ethernet device server modules.

Related Reading: ICS Networks at Risk Due to Flaw in Schneider PLC Simulator

Related Reading: Flaw in Schneider Industrial Firewalls Allows Remote Code Execution

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...


The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...


Wago has patched critical vulnerabilities that can allow hackers to take complete control of its programmable logic controllers (PLCs).


Cybersecurity firm Forescout shows how various ICS vulnerabilities can be chained for an exploit that allows hackers to cause damage to a bridge.


More than 1,300 ICS vulnerabilities were discovered in 2022, including nearly 1,000 that have a high or critical severity rating.


Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.

Cybersecurity Funding

Internet of Things (IoT) and Industrial IoT security provider Shield-IoT this week announced that it has closed a $7.4 million Series A funding round,...


Siemens and Schneider Electric address nearly 100 vulnerabilities across several of their products with their February 2023 Patch Tuesday advisories.