Moxa Industrial Switches plagued with several flaws

Pierluigi Paganini March 11, 2019

Security experts have discovered many vulnerabilities, including a critical issue, in Moxa EDS and IKS industrial switches.

Industrial control systems used in many industries, including the energy sector, critical manufacturing, and transportation, continue to be a concern for security experts. Researchers have discovered several vulnerabilities in Moxa EDS and IKS industrial switches.

The Moxa industrial switches are affected by Classic Buffer Overflow, Cross-site Request Forgery, Cross-site Scripting, Improper Access Controls, Improper Restriction of Excessive Authentication Attempts, Missing Encryption of Sensitive Data, Out-of-bounds Read, Unprotected Storage of Credentials, Predictable from Observable State, and Uncontrolled Resource Consumption issues.

“Successful exploitation of these vulnerabilities could allow the reading of sensitive information, remote code execution, arbitrary configuration changes, authentication bypass, sensitive data capture, reboot of the device, device crash, or full compromise of the device,” reads the security advisory published by the ICS-CERT.


The following Moxa industrial switches are affected by the flaws:

  • IKS-G6824A series Versions 4.5 and prior,
  • EDS-405A series Version 3.8 and prior,
  • EDS-408A series Version 3.8 and prior, and
  • EDS-510A series Version 3.8 and prior.

Security experts at Positive Technologies have discovered five vulnerabilities in EDS-405A, EDS-408A, and EDS-510A industrial switches. The list of flaws includes the storage of passwords in plain text, the use of predictable session IDs, the lack of encryption for sensitive data, the lack of mechanisms for preventing brute-force attacks, and flaws that can be exploited to cause a denial-of-service (DoS) condition.

The Moxa IKS-G6824A industrial switches are affected by seven types of flaws, including a buffer overflow that can allow remote code execution, plaintext storage of passwords, multiple cross-site scripting (XSS) issues, failure to handle certain types of packets (which results in DoS), memory disclosure bugs, improper access control for the web interface, and cross-site request forgery (CSRF) flaws.

The most severe issue is a buffer overflow in the web interface that could be exploited by a remote unauthenticated attacker to cause a DoS condition and potentially execute arbitrary code.ctions as a legitimate user in the device web interface, and more.”

The vendor has already addressed many of the flaws with the release of security patches. The remaining issues can be mitigated by forcing the device to use only HTTPS (for EDS switches) and by using SNMP, Telnet or CLI consoles for access instead of the HTTP web console (for IKS switches).
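The affected-version list and interim mitigations above can be applied to an asset inventory as follows. This is an added example, not code from the article, Moxa or ICS-CERT; the inventory rows, the model-suffix matching and the assumption that firmware versions compare numerically component by component are constructed for illustration.

```python
import re

# Affected series and highest affected firmware version, as listed in the article.
AFFECTED = {"IKS-G6824A": (4, 5), "EDS-405A": (3, 8),
            "EDS-408A": (3, 8), "EDS-510A": (3, 8)}
# Interim mitigations from the article, keyed by product family prefix.
MITIGATION = {
    "EDS": "force the web interface to HTTPS only",
    "IKS": "use SNMP, Telnet or CLI instead of the HTTP web console",
}
# Constructed inventory rows (model, firmware string); not real asset data.
INVENTORY = [("EDS-408A-MM-SC", "V3.8"), ("EDS-510A", "3.10"),
             ("IKS-G6824A", "4.5.0"), ("EDS-316", "2.0")]


def parse_version(text):
    """Turn 'V3.8', '3.10' or '4.5.0' into a tuple of ints."""
    m = re.search(r"\d+(?:\.\d+)*", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(p) for p in m.group(0).split("."))


def at_or_below(version, ceiling):
    """Compare numerically, padding so that 4.5.0 equals 4.5 and 3.10 > 3.8."""
    width = max(len(version), len(ceiling))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) <= pad(ceiling)


def triage(model, firmware):
    """Return (affected, note) for one inventory row."""
    model = model.strip().upper()
    for series, ceiling in AFFECTED.items():
        # Assumption: ordering variants append a '-SUFFIX' to the series name.
        if model == series or model.startswith(series + "-"):
            if at_or_below(parse_version(firmware), ceiling):
                return True, f"update firmware; until then, {MITIGATION[series[:3]]}"
            return False, "firmware newer than the affected range"
    return False, "model not in the affected list"


def report(rows=INVENTORY):
    """Triage every row; each result is (model, firmware, affected, note)."""
    return [(m, fw) + triage(m, fw) for m, fw in rows]


if __name__ == "__main__":
    for row in report():
        print(row)
```

Comparing versions as plain strings would rank "3.10" below "3.8" and flag a newer build as affected, which is why the versions are parsed into integer tuples first.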


(SecurityAffairs – Moxa, industrial switches)
