ICS/OT

Vulnerabilities in Moxa Networking Device Expose Industrial Environments to Attacks

Researchers from Cisco’s Talos intelligence and research group have identified a dozen vulnerabilities in a wireless networking device made by Taiwan-based industrial networking, computing and automation solutions provider Moxa.

Eduard Kovacs

February 24, 2020

According to advisories published on Monday by both Moxa and Talos, AWK-3131A industrial AP/bridge/client devices are affected by 12 vulnerabilities that can be exploited to carry out malicious activities in an attack aimed at an organization’s industrial systems. Moxa industrial AP

All of the vulnerabilities have been classified as critical or high severity. They can be exploited by attackers to escalate privileges to root, decrypt traffic using hardcoded cryptographic keys, inject commands and remotely control a device, run custom diagnostic scripts on the device, remotely execute arbitrary code, cause a denial-of-service (DoS) condition, and gain remote shell access to the device.

While in a majority of cases exploitation requires authentication with low privileges, some of the weaknesses can be exploited by an unauthenticated attacker.

Learn More About Vulnerabilities in Industrial Products at SecurityWeek’s 2020 ICS Cyber Security Conference

The vulnerabilities were reported to Moxa in October and November 2019, and the vendor announced the availability of patches on February 24.

While Moxa patched these flaws fairly quickly, the company has not always been fast when it comes to addressing vulnerabilities. In December, the company urged customers to replace the discontinued AWK-3121 series AP after a researcher had identified 14 vulnerabilities in the device. However, the company had known about them since 2018 and the researcher who found the security holes had published exploits in June 2019.

This is not the first time Cisco Talos researchers have found vulnerabilities in Moxa’s AWK-3131A devices. Back in 2017, they reported finding hardcoded credentials that gave attackers full access to Moxa APs, and separately disclosed more than a dozen vulnerabilities affecting the same product.

Written By Eduard Kovacs

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Latest News

Click to comment

Mapping Threat Intelligence to the NIST Compliance Framework Part 2

How threat intelligence is critical when justifying budget for GRC personnel, and for threat intelligence, incident response, security operations and CISO buyers.

Landon Winkelvoss

Password Dependency: How to Break the Cycle

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the password dependency cycle. But how can this be done?

Torsten George

Why CISOs Make Great Board Members

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make for successful board members.

Galina Antova

A Change in Mindset: From a Threat-based to Risk-based Approach to Security

A threat-based approach to security often focuses on a checklist to meet industry requirements but overlooked the key component of security: reducing risk.

Marie Hattar

Secrets to a Good Security Webinar or Conference Presentation

Tips for making a presentation that will help improve the state of security programs and reflect favorably on the presenters and their companies

Joshua Goldfarb

CISO Strategy

Why CISOs Make Great Board Members

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Galina Antova5 days ago