Moxa RTU Controller Vulnerabilities

Friday, August 14, 2015 @ 02:08 PM gHale

Vulnerabilities affecting the Moxa ioLogik E2210 Ethernet Micro RTU controller have been reported, according to a report on ICS-CERT.

The Moxa ioLogik E2210 Ethernet Micro RTU controller is a PC-based data acquisition and control device. According to this report, the device’s password is transmitted over HTTP and is also stored in the cookie. The transmitted password is also only weakly encrypted with MD5, making it vulnerable to cracking.

Aditya K. Sood discovered the vulnerabilities and presented them at DefCon 2015 in Las Vegas.

He reported these vulnerabilities to ICS-CERT a few days before his presentation, so the vendor was aware of the issue but has not had time to address it. ICS-CERT notified the affected vendor of the report and has asked it to confirm the vulnerabilities and identify mitigations. ICS-CERT is issuing this alert to provide early notice of the report and identify baseline mitigations for reducing risks.

The disclosure included details for the following vulnerabilities:
• Password transmitted insecurely with weak encryption, which could lead to unauthorized access and replay attacks
• Client-side encrypted password, which could lead to unauthorized access to the device
• Weakly hashed password contained in the HTTP cookie, which could lead to unauthorized access to the device

All vulnerabilities, except the client-side encrypted password, are remotely exploitable.
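
The replay risk named in the first and third items above, as an added example that is not from ICS-CERT, the researcher or Moxa: a constructed Python model (every name and value is an assumption, not the device's actual protocol) in which a fixed MD5 token is accepted each time it is presented, beside a single-use nonce challenge that rejects a repeated response.

```python
import hashlib
import hmac
import secrets

PASSWORD = "constructed-example-password"  # constructed sample, not a device value


def md5_token(password: str) -> str:
    """Weak pattern: the client sends and stores MD5(password) as its credential."""
    return hashlib.md5(password.encode()).hexdigest()


def derive_key(password: str, salt: bytes) -> bytes:
    """Slow, salted key derivation shared by client and server (assumed design)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def respond(password: str, salt: bytes, nonce: bytes) -> str:
    """Client side: prove knowledge of the password for this nonce only."""
    return hmac.new(derive_key(password, salt), nonce, hashlib.sha256).hexdigest()


class StaticHashLogin:
    """Server that accepts a fixed MD5 token: the token is password-equivalent."""

    def __init__(self, password: str):
        self.expected = md5_token(password)

    def verify(self, token: str) -> bool:
        # The same value is valid on every request, so a copy of it is too.
        return hmac.compare_digest(token, self.expected)


class ChallengeLogin:
    """Server that binds each login to a fresh, single-use nonce."""

    def __init__(self, password: str):
        self.salt = secrets.token_bytes(16)
        self.key = derive_key(password, self.salt)
        self.pending = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: str) -> bool:
        if nonce not in self.pending:
            return False  # unknown or already-used nonce: a repeat is rejected
        self.pending.discard(nonce)
        expected = hmac.new(self.key, nonce, hashlib.sha256).hexdigest()
        return hmac.compare_digest(response, expected)
```

Nonce binding only stops reuse of a captured value; the rest of the session still needs TLS for confidentiality and integrity.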