Moxa Fixes Switch Vulnerabilities

Thursday, September 3, 2015 @ 06:09 PM gHale


Moxa created a firmware update to mitigate vulnerabilities in the EDS-405A/EDS-408A series managed Ethernet switches, according to a report on ICS-CERT.

These vulnerabilities, discovered by Erwin Paternotte of Applied Risk, are remotely exploitable.

Moxa EDS-405A/EDS-408A series managed Ethernet switches firmware Version V3.4 build 14031419 and prior suffer from the issues.

An authenticated remote attacker could compromise the availability, integrity, and confidentiality of a Moxa industrial managed switch, including connected industrial assets.

Moxa is a Taiwan-based company that maintains offices in several countries around the world, including the U.S., UK, India, Germany, France, China, Russia, and Brazil.

The EDS-405A/408A series are entry-level 5- and 8-port managed Ethernet switches designed especially for industrial applications. The switches support a variety of management functions, such as Turbo Ring, Turbo Chain, ring coupling, port-based VLAN, QoS, RMON, bandwidth management, port mirroring, and warning by email or relay. According to Moxa, these switches are deployed across several sectors, including chemical, commercial facilities, critical manufacturing, emergency services, energy, food and agriculture, government facilities, and water and wastewater systems. Moxa estimates these products are used globally, with use concentrated in the U.S., Europe, Chile, Argentina, Peru, Colombia, and Taiwan, and 50 to 60 percent of all sales in the U.S.

A privilege escalation vulnerability exists in the administrative web interface of the Moxa industrial Ethernet switches. By default, a user-level account has read-only access to the web interface. The check that prevents a user-level account from modifying settings in the administrative web interface could easily be circumvented, resulting in elevated access privileges.

CVE-2015-6464 is the case number assigned to this vulnerability, for which Applied Risk calculated a CVSSv2 base score of 8.5.

The embedded GoAhead web server running on the Moxa Ethernet switches is vulnerable to a denial-of-service attack. A crafted URL sent by an authenticated user causes a reboot of the device.

CVE-2015-6465 is the case number for this vulnerability, for which Applied Risk calculated a CVSSv2 base score of 6.8.

A Cross-Site Scripting (XSS) vulnerability exists in the administrative web interface of the Moxa industrial Ethernet switches. An input field of the administrative web interface lacks input validation, which could be abused to inject JavaScript code.

CVE-2015-6466 is the case number assigned to this vulnerability, for which Applied Risk calculated a CVSSv2 base score of 4.3.

No known public exploits specifically target these vulnerabilities. However, an attacker with low skill would be able to exploit these vulnerabilities.

Moxa addressed the reported vulnerabilities by releasing a firmware update for the affected devices.
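To find which deployed switches still need that update, an asset inventory can be checked against the affected range stated above (EDS-405A/EDS-408A, V3.4 build 14031419 and prior). The following is an added example, not code from Moxa, ICS-CERT or Applied Risk. It assumes firmware strings follow the "V3.4 build 14031419" shape used in the article and that releases order by version number and then build number; the inventory entries are constructed.

```python
import re

# Affected range as stated in the article: V3.4 build 14031419 and prior.
AFFECTED_MODELS = ("EDS-405A", "EDS-408A")
LAST_AFFECTED = (3, 4, 14031419)

# Assumed firmware string shape, e.g. "V3.4 build 14031419".
_FW_RE = re.compile(r"V?(\d+)\.(\d+)(?:\s+build\s+(\d+))?", re.IGNORECASE)


def parse_firmware(text):
    """Return (major, minor, build), or None if the string is not recognised."""
    m = _FW_RE.fullmatch(text.strip())
    if not m:
        return None
    major, minor, build = m.groups()
    # A missing build number is treated as 0 (oldest build of that release),
    # so an imprecise "V3.4" is reported as affected rather than assumed safe.
    return (int(major), int(minor), int(build) if build else 0)


def classify(model, firmware):
    """Return 'affected', 'not-affected', 'out-of-scope' or 'unknown'."""
    if not model.upper().startswith(AFFECTED_MODELS):
        return "out-of-scope"
    parsed = parse_firmware(firmware)
    if parsed is None:
        return "unknown"  # flag for manual review instead of assuming patched
    return "affected" if parsed <= LAST_AFFECTED else "not-affected"


# Constructed sample inventory: hostnames and versions are made up, and
# "V9.9 build 99010100" is a placeholder, not a real fixed release.
INVENTORY = [
    ("sw-pump-01", "EDS-405A", "V3.4 build 14031419"),
    ("sw-pump-02", "EDS-408A", "V3.1 build 12050311"),
    ("sw-line-03", "EDS-408A", "V9.9 build 99010100"),
    ("sw-line-04", "EDS-408A", "unreadable"),
    ("sw-core-05", "OTHER-SWITCH", "V1.0"),
]


def audit(inventory):
    """Map each hostname to its classification."""
    return {host: classify(model, fw) for host, model, fw in inventory}


if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

Entries reported as "unknown" need a manual version check on the device itself.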