Moxa Patches MXsecurity Vulnerabilities That Could Be Exploited in OT Attacks

Critical authentication bypass and high-severity command injection vulnerabilities have been patched in Moxa’s MXsecurity product.

Organizations using Moxa’s MXsecurity product have been informed about two potentially serious vulnerabilities that could be exploited by malicious hackers targeting operational technology (OT) networks.

MXsecurity is industrial network security management software designed for OT environments.

Security researcher Simon Janz discovered recently that the product is impacted by a critical vulnerability that can be exploited remotely to bypass authentication (CVE-2023-33235) and a high-severity flaw in the SSH command-line interface that can lead to remote command execution (CVE-2023-33236).

Moxa patched the security holes with the release of version 1.0.1. The industrial networking, computing and automation solutions provider has published an advisory describing the vulnerabilities. 

Advisories for the two bugs have also been published by the US Cybersecurity and Infrastructure Security Agency (CISA), which noted that the impacted product is used worldwide in multiple sectors, as well as by the Zero Day Initiative (ZDI), which coordinated the disclosure process. 

A Chinese researcher seems to have also found the same vulnerabilities and last week disclosed technical details.

The critical vulnerability exists in the configuration of the MXsecurity web-based interface and is related to a hardcoded JWT secret. 


Janz told SecurityWeek that an attacker can leverage the hardcoded secret key to forge valid JWT tokens and gain access to the web panel with admin privileges.

In the case of the high-severity vulnerability, the researcher noted that an attacker would need to know or guess SSH admin credentials for exploitation. Once authenticated, the attacker can execute arbitrary commands and gain a foothold in the targeted network. 
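Why a product-wide JWT secret is a critical flaw, shown as an added example that is not code from the article, Moxa or the researcher: HS256 verification accepts any token signed with the verifier's key, so a key shipped identically in every install lets anyone who has a copy of the software mint accepted tokens, while a key generated per installation does not. The key value, claims and function names below are constructed for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed stand-in for a key shipped identically in every install (not a real product value).
SHIPPED_KEY = b"example-key-compiled-into-every-install"

def _b64(data: bytes) -> bytes:
    return base64.urlsafe_b64encode(data).rstrip(b"=")

def _unb64(data: bytes) -> bytes:
    return base64.urlsafe_b64decode(data + b"=" * (-len(data) % 4))

def sign(claims: dict, key: bytes) -> str:
    """Build a compact HS256 JWT over the given claims."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    mac = hmac.new(key, header + b"." + body, hashlib.sha256).digest()
    return b".".join([header, body, _b64(mac)]).decode()

def verify(token: str, key: bytes, now=None):
    """Return the claims if the token is valid under key, else None."""
    try:
        header, body, sig = token.encode().split(b".")
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None  # pin the algorithm instead of trusting the header
        expected = hmac.new(key, header + b"." + body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None  # signature was not made with this verifier's key
        claims = json.loads(_unb64(body))
        if claims.get("exp", 0) <= (time.time() if now is None else now):
            return None  # missing or expired "exp" is rejected
        return claims
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token

def new_install_key() -> bytes:
    """Hardened form: a random 256-bit key generated once per installation."""
    return secrets.token_bytes(32)

def demo():
    """Same outside-minted token checked by a shipped-key and a per-install-key verifier."""
    claims, now = {"sub": "admin", "exp": 2_000_000_000}, 1_700_000_000
    outside = sign(claims, SHIPPED_KEY)  # signer knows only the shipped constant
    weak = verify(outside, SHIPPED_KEY, now)
    install_key = new_install_key()
    hardened = verify(outside, install_key, now)
    own = verify(sign(claims, install_key), install_key, now)
    return weak, hardened, own
```

In a real deployment the per-install key would be generated at first start and stored with restrictive file permissions or in a secrets store, so that it survives restarts and can be rotated.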


Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
