Moxa Clears ioLogik Vulnerabilities

Thursday, October 13, 2016 @ 05:10 PM gHale


Moxa has released new firmware to mitigate vulnerabilities in its ioLogik E1200 series remote I/O devices, according to an advisory from ICS-CERT.

Alexandru Ariciu of Applied Risk, who discovered the issues, tested the new firmware and validated that it resolves these remotely exploitable vulnerabilities.


Exploits that target these vulnerabilities are publicly available.

Moxa reports the vulnerabilities affect the following products:
• ioLogik E1210, firmware Version V2.4 and prior
• ioLogik E1211, firmware Version V2.3 and prior
• ioLogik E1212, firmware Version V2.4 and prior
• ioLogik E1213, firmware Version V2.5 and prior
• ioLogik E1214, firmware Version V2.4 and prior
• ioLogik E1240, firmware Version V2.3 and prior
• ioLogik E1241, firmware Version V2.4 and prior
• ioLogik E1242, firmware Version V2.4 and prior
• ioLogik E1260, firmware Version V2.4 and prior
• ioLogik E1262, firmware Version V2.4 and prior

An attacker who exploits these vulnerabilities may be able to remotely execute arbitrary code, modify parameters and settings, or reset the device.

Moxa is a Taiwan-based company that maintains offices in several countries around the world, including the U.S., UK, India, Germany, France, China, Russia, and Brazil.

The affected product, the ioLogik E1200 series, is a remote I/O device used for monitoring. Moxa said the ioLogik is deployed across several sectors, including commercial facilities and energy, and estimates these products are used primarily in the United States, Europe, and Asia.

In one vulnerability, the web application fails to sanitize user input before placing it in a page, which may allow an attacker to inject script into the device's web interface or execute arbitrary code.

CVE-2016-8359 has been assigned to this vulnerability, which has a CVSS v3 base score of 8.8.

In addition, the device transmits the password in a format that is not sufficiently protected, so an attacker positioned to observe the traffic may be able to recover it.

CVE-2016-8372 has been assigned to this vulnerability, which has a CVSS v3 base score of 8.1.
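The weakness above is the kind a passive monitor on the OT network can confirm without touching the device: if a password is recoverable from captured HTTP traffic by anyone, the transport is not protecting it. The following detector is an added example written for this page, not code from Moxa or from the advisory. The three raw HTTP requests are constructed sample data, the host 192.0.2.10 and the paths are placeholders, and the detector is generic (HTTP Basic headers and URL-encoded form fields with password-like names), not a description of how the ioLogik actually sends credentials.

```python
import base64
import re
from dataclasses import dataclass
from urllib.parse import unquote_plus

# Constructed sample: three raw HTTP requests as a passive monitor might
# reassemble them from plain TCP port-80 traffic. They are illustrative and
# are not captures from an ioLogik device.
SAMPLE_REQUESTS = [
    # HTTP Basic authentication: the header is base64, not encryption
    "GET /setting.htm HTTP/1.1\r\n"
    "Host: 192.0.2.10\r\n"
    "Authorization: Basic YWRtaW46c2VjcmV0\r\n"
    "\r\n",
    # Form login: the password travels as a URL-encoded body field
    "POST /login.cgi HTTP/1.1\r\n"
    "Host: 192.0.2.10\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 26\r\n"
    "\r\n"
    "username=admin&password=s3",
    # Benign request carrying no credentials
    "GET /index.htm HTTP/1.1\r\n"
    "Host: 192.0.2.10\r\n"
    "\r\n",
]

# Field names commonly used for secrets and user names in login forms
PASSWORD_FIELD = re.compile(r"(?:^|&)(?:pass(?:word|wd)?|pwd|secret)=([^&]*)", re.I)
USER_FIELD = re.compile(r"(?:^|&)(?:user(?:name)?|login)=([^&]*)", re.I)


@dataclass
class Finding:
    request_line: str
    kind: str        # "basic-auth" or "form-field"
    username: str
    secret: str


def parse_request(raw):
    """Split a raw HTTP/1.x request into (request line, header dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def find_cleartext_credentials(raw):
    """Return every credential recoverable from one request without any key."""
    request_line, headers, body = parse_request(raw)
    findings = []

    auth = headers.get("authorization", "")
    if auth.lower().startswith("basic "):
        try:
            decoded = base64.b64decode(auth[6:].strip(), validate=True).decode("utf-8", "replace")
        except ValueError:      # binascii.Error is a ValueError subclass
            decoded = ""
        user, sep, secret = decoded.partition(":")
        if sep:
            findings.append(Finding(request_line, "basic-auth", user, secret))

    ctype = headers.get("content-type", "").lower()
    if ctype.startswith("application/x-www-form-urlencoded"):
        pw = PASSWORD_FIELD.search(body)
        if pw:
            user = USER_FIELD.search(body)
            findings.append(Finding(request_line, "form-field",
                                    unquote_plus(user.group(1)) if user else "",
                                    unquote_plus(pw.group(1))))
    return findings


def scan(requests):
    """Run the detector over a list of raw requests; one Finding per credential."""
    return [f for raw in requests for f in find_cleartext_credentials(raw)]


if __name__ == "__main__":
    for f in scan(SAMPLE_REQUESTS):
        print(f"{f.kind:10s} {f.request_line!r}: {f.username}:{f.secret}")
```

A finding from this detector on real traffic means the credential is already exposed to anyone on the path; the remediation is the vendor's fixed firmware and network segmentation, not a rule that hides the alert.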

Also, users are restricted to short passwords, which makes the credentials easier to guess.

CVE-2016-8379 has been assigned to this vulnerability, which has a CVSS v3 base score of 8.1.

Finally, the web application may not sufficiently verify whether a request was intentionally provided by a valid user, so a request forged by another site and submitted by a logged-in user's browser may be accepted.

CVE-2016-8350 has been assigned to this vulnerability, which has a CVSS v3 base score of 7.3.
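Three of the weaknesses described above (unsanitized input reaching a page, a short-password limit, and state-changing requests accepted without proof that the user intended them) share one small fix pattern on the server side. The code below is an added example written for this page, not Moxa's firmware or any code from the advisory: it models a device settings handler in its weak form beside a hardened form. The handler names, the session dictionary, and the 12-character minimum are assumptions chosen for the illustration.

```python
import hmac
import html
import secrets
from urllib.parse import parse_qs

MIN_PASSWORD_LENGTH = 12   # policy value assumed for this illustration


# --- Weak handlers: the three behaviours the advisory describes -------------

def render_status_weak(device_name):
    # Untrusted input is copied into the page unchanged: a value such as
    # "<script>...</script>" runs in the browser of whoever views the page.
    return f"<h1>Status for {device_name}</h1>"


def handle_password_change_weak(session, body):
    # Accepts any POST that reaches it, so a request forged by another site
    # and sent by the victim's logged-in browser succeeds, and any password
    # length is accepted. (Stored as-is only to keep the example short.)
    form = parse_qs(body)
    session["password"] = form.get("password", [""])[0]
    return "changed"


# --- Hardened handlers ------------------------------------------------------

def new_session():
    # One unguessable token per session; every state-changing form must echo
    # it back, which a cross-site forger cannot do without reading the page.
    return {"csrf_token": secrets.token_hex(16), "password": None}


def render_status_hardened(device_name):
    # html.escape converts <, >, &, " and ' to entities before output.
    return f"<h1>Status for {html.escape(device_name)}</h1>"


def render_password_form(session):
    # The hidden field carries the token that the handler will check.
    return ('<form method="post">'
            f'<input type="hidden" name="csrf_token" value="{session["csrf_token"]}">'
            '<input type="password" name="password">'
            '<input type="submit"></form>')


def handle_password_change_hardened(session, body):
    form = parse_qs(body)
    submitted = form.get("csrf_token", [""])[0]
    # Constant-time comparison so the token cannot be guessed byte by byte.
    if not hmac.compare_digest(submitted.encode(), session["csrf_token"].encode()):
        return "rejected: missing or wrong CSRF token"
    new_password = form.get("password", [""])[0]
    if len(new_password) < MIN_PASSWORD_LENGTH:
        return f"rejected: password shorter than {MIN_PASSWORD_LENGTH} characters"
    session["password"] = new_password   # a real device would store a hash
    return "changed"


if __name__ == "__main__":
    payload = "<script>alert(document.cookie)</script>"
    print(render_status_weak(payload))
    print(render_status_hardened(payload))
    s = new_session()
    print(handle_password_change_hardened(s, "password=longenoughpassword"))
    print(handle_password_change_hardened(
        s, f"csrf_token={s['csrf_token']}&password=longenoughpassword"))
```

The token check has to happen before any state is changed, and the escaping has to happen at output time for every untrusted value, not just the ones a tester happened to try; a firmware update that fixes only the reported field leaves the class of bug in place.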

Detailed vulnerability information is publicly available and could be used to develop exploits that target these vulnerabilities. An attacker with low skill would be able to exploit them.

Moxa created new firmware to mitigate these vulnerabilities and recommends all users upgrade to the latest version for their model, available from Moxa:
• ioLogik E1210: V2.5
• ioLogik E1211: V2.4
• ioLogik E1212: V2.5
• ioLogik E1213: V2.6
• ioLogik E1214: V2.5
• ioLogik E1240: V2.4
• ioLogik E1241: V2.5
• ioLogik E1242: V2.5
• ioLogik E1260: V2.5
• ioLogik E1262: V2.5
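The two version tables in this advisory (last affected version per model, and fixed version per model) are what an asset owner needs to turn an inventory export into a patch list. The script below is an added example for this page, not a Moxa tool: it carries the tables as written above, parses firmware strings numerically so that a hypothetical V2.10 sorts after V2.9, and flags the one case the advisory does not cover (a point release above the last affected version but below the fixed one) instead of guessing. The inventory rows are constructed, and "ioLogik E1599" is a made-up model name used only to show the not-listed case.

```python
import re

# Tables taken from the advisory text above: the last affected firmware
# version and the fixed version for each ioLogik E1200 model.
LAST_AFFECTED = {
    "E1210": "2.4", "E1211": "2.3", "E1212": "2.4", "E1213": "2.5", "E1214": "2.4",
    "E1240": "2.3", "E1241": "2.4", "E1242": "2.4", "E1260": "2.4", "E1262": "2.4",
}
FIXED = {
    "E1210": "2.5", "E1211": "2.4", "E1212": "2.5", "E1213": "2.6", "E1214": "2.5",
    "E1240": "2.4", "E1241": "2.5", "E1242": "2.5", "E1260": "2.5", "E1262": "2.5",
}

# Constructed inventory (host,model,firmware). "ioLogik E1599" is a made-up
# model name used only to exercise the not-listed branch.
INVENTORY_CSV = """\
plc-io-01,ioLogik E1210,V2.4
plc-io-02,ioLogik E1210,V2.5
plc-io-03,ioLogik E1213,V2.3
plc-io-04,ioLogik E1241,2.10
plc-io-05,ioLogik E1213,V2.5.1
plc-io-06,ioLogik E1599,V1.0
"""


def parse_version(text):
    """Turn 'V2.4', 'v2.4', '2.4' or '2.4.1' into a tuple of ints.

    Tuples compare numerically, so 2.10 is newer than 2.9; a plain string
    comparison would rank them the other way round.
    """
    m = re.fullmatch(r"[vV]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def model_key(model):
    """Normalise 'ioLogik E1210', 'IOLOGIK-E1210' or 'E1210' to 'E1210'."""
    return model.upper().replace("IOLOGIK", "").strip(" -_")


def classify(model, version):
    """'affected', 'fixed', 'unknown' (between the two listed versions) or 'not-listed'."""
    key = model_key(model)
    if key not in LAST_AFFECTED:
        return "not-listed"
    v = parse_version(version)
    if v <= parse_version(LAST_AFFECTED[key]):
        return "affected"
    if v >= parse_version(FIXED[key]):
        return "fixed"
    # A point release above the last affected version but below the fixed
    # one is not covered by the advisory; flag it rather than guess.
    return "unknown"


def check_inventory(csv_text):
    """Return [(host, model, version, status)] for each non-empty inventory row."""
    results = []
    for line in csv_text.splitlines():
        if not line.strip():
            continue
        host, model, version = (field.strip() for field in line.split(","))
        results.append((host, model, version, classify(model, version)))
    return results


if __name__ == "__main__":
    for host, model, version, status in check_inventory(INVENTORY_CSV):
        print(f"{host:10s} {model:15s} {version:8s} {status}")
```

Anything reported as "affected" or "unknown" goes on the upgrade list; a "not-listed" model is outside this advisory's scope, not necessarily safe.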
