Moxa Clears Privilege Escalation Hole

Thursday, October 20, 2016 @ 03:10 PM gHale


Moxa created new firmware to mitigate a privilege escalation vulnerability in its EDR-810 Industrial Secure Router, according to a report with ICS-CERT.

This vulnerability, discovered by independent researcher Maxim Rupp, is remotely exploitable.

RELATED STORIES
Schneider Fixes Password Vulnerability
OSIsoft Mitigates PI Web API Hole
Rockwell Fixes DoS, Memory Issues
Moxa Clears ioLogik Vulnerabilities

EDR-810 using firmware versions prior to V3.13 suffers from the issue.

Successful exploitation of this vulnerability may allow a remote attacker to escalate privileges, initiate a denial-of-service condition, and execute arbitrary code.

Moxa is a Taiwan-based company that maintains offices in several countries around the world, including the U.S., UK, India, Germany, France, China, Russia, and Brazil.

The affected product, Moxa EDR-810 series, is an industrial multiport secure router with firewall/NAT/VPN and managed Layer 2 switch functions. It is for Ethernet-based security applications in sensitive remote control or monitoring networks. These secure routers see use across several sectors, including, critical manufacturing, energy, and water and wastewater systems. Moxa said these products see action globally but concentrated in the U.S., Europe, Chile, Argentina, Peru, Columbia, and Taiwan.

By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access configuration and log files.

CVE-2016-8346 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

Detailed vulnerability information is publicly available that could end up used to develop an exploit that targets this vulnerability.

An attacker with a low skill would be able to exploit this vulnerability.

Moxa recommends affected users update EDR-810 firmware to Version V3.13 or later. Click here for the updated firmware.



Leave a Reply

You must be logged in to post a comment.