Organizations using Moxa’s MXsecurity product have been informed about two potentially serious vulnerabilities that could be exploited by malicious hackers targeting operational technology (OT) networks.
MXsecurity is industrial network security management software designed for OT environments.
Security researcher Simon Janz recently discovered that the product is impacted by a critical vulnerability that can be exploited remotely to bypass authentication (CVE-2023-33235) and a high-severity flaw in the SSH command-line interface that can lead to remote command execution (CVE-2023-33236).
Moxa patched the security holes with the release of version 1.0.1. The industrial networking, computing and automation solutions provider has published an advisory describing the vulnerabilities.
Advisories for the two bugs have also been published by the US Cybersecurity and Infrastructure Security Agency (CISA), which noted that the impacted product is used worldwide in multiple sectors, as well as by the Zero Day Initiative (ZDI), which coordinated the disclosure process.
A Chinese researcher also appears to have found the same vulnerabilities and disclosed technical details last week.
The critical vulnerability exists in the configuration of the MXsecurity web-based interface and is related to a hardcoded JWT secret.
Janz told SecurityWeek that an attacker can leverage the hardcoded secret key to forge valid JWT tokens and gain access to the web panel with admin privileges.
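The weakness class described above, as an added example (not Moxa's code and not taken from the advisories): an HS256 token is only as trustworthy as the secrecy of its signing key, so a key shipped identically in every installation makes a token issued by one install verify on all others, while a key generated per install does not. `SHIPPED_SECRET` is a constructed placeholder, and the function names are hypothetical.

```python
import base64, hashlib, hmac, json, secrets

# Constructed placeholder, NOT the product's real value: stands in for a
# signing key that is identical in every shipped copy of an application.
SHIPPED_SECRET = b"example-secret-baked-into-every-image"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(secret: bytes, signing_input: str) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def sign_hs256(claims: dict, secret: bytes) -> str:
    """Issue a token the way a server would after a successful login."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    return f"{header}.{payload}.{b64url(_mac(secret, f'{header}.{payload}'))}"

def verify_hs256(token: str, secret: bytes):
    """Return the claims if the signature is valid under `secret`, else None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError:  # wrong part count, bad base64, bad JSON
        return None
    # Pin the algorithm on the server side; never let the header choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    expected = _mac(secret, f"{header_b64}.{payload_b64}")
    if not hmac.compare_digest(signature, expected):  # constant-time compare
        return None
    return json.loads(b64url_decode(payload_b64))

def new_install_secret() -> bytes:
    """Mitigation: a random 256-bit key generated once per installation."""
    return secrets.token_bytes(32)

def cross_install_accepts(secret_a: bytes, secret_b: bytes) -> bool:
    """Does a token issued by install A verify on install B?"""
    token = sign_hs256({"sub": "operator", "role": "admin"}, secret_a)
    return verify_hs256(token, secret_b) is not None

if __name__ == "__main__":
    print("shared key   :", cross_install_accepts(SHIPPED_SECRET, SHIPPED_SECRET))
    print("per-install  :", cross_install_accepts(new_install_secret(), new_install_secret()))
```

With a shared key the signature check cannot distinguish a token issued by the local server from one produced anywhere else the key is known, which is why rotating to a per-install secret (and upgrading to the fixed release) is the remedy rather than adding checks around the token.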
In the case of the high-severity vulnerability, the researcher noted that an attacker would need to know or guess SSH admin credentials for exploitation. Once authenticated, the attacker can execute arbitrary commands and gain a foothold in the targeted network.

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
