Moxa Mitigates Entropy Vulnerability

Monday, August 5, 2013 @ 07:08 PM gHale

Moxa produced and released a firmware upgrade in April that mitigates an insufficient entropy vulnerability in its OnCell Gateways, according to a report on ICS-CERT.

This vulnerability, discovered by researcher Nadia Heninger of the University of California, San Diego, and researchers Zakir Durumeric, Eric Wustrow, and J. Alex Halderman of the University of Michigan, could be exploited remotely.

The following Moxa OnCell Gateway models (before firmware version 1.4) suffer from the issue: G3111, G3151, G3211, and G3251.

An attacker could gain unauthorized access to the gateway by determining the authentication keys from reused or nonunique SSH and SSL host keys. Exploitation of this vulnerability could allow an attacker to affect the confidentiality, integrity, and availability of the OnCell Gateways.

Moxa is a Taiwan-based company that maintains offices in several countries around the world, including the U.S., UK, India, Germany, France, China, and Brazil.

The affected products, Moxa OnCell Gateways, are cellular IP gateways that can conveniently and transparently connect up to two devices to a cellular network. This allows one to connect their existing Ethernet and serial devices with basic configuration.

Moxa OnCell Gateways are deployed across several sectors, including critical manufacturing, transportation systems, information technology, water and wastewater, and communications, Moxa officials said. Moxa estimates these products are used globally, mostly in the Asia-Pacific region, with smaller deployments in the Americas and Europe.

The OnCell G3111, G3151, G3211, and G3251 gateways do not use sufficient entropy when generating keys for SSH and SSL connections; therefore, these keys are vulnerable to exploits.

By calculating private authentication keys, an attacker could gain unauthorized access to the system and read information on the device, as well as send commands to the device, which would compromise the integrity and confidentiality of the data and could compromise the availability.

CVE-2012-3039 is the number assigned to this vulnerability, which has a CVSS v2 base score of 7.1.

No known public exploits specifically target this vulnerability. An attacker with a high skill level would be able to exploit it.

Moxa released a firmware upgrade (OnCell G3111/G3151/G3211/G3251 Version 1.4) for these products on April 3, and is in the process of sending notification to its customers. The upgrade is available from the Moxa software download page.

The firmware upgrade fixes the vulnerability by increasing the entropy in the dynamically generated keys to avoid nonuniqueness and key reuse.
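An asset owner can check their own fleet for the host key reuse described above by grouping collected SSH host keys by fingerprint. The following is an added example, not code from Moxa or ICS-CERT; it assumes an inventory in OpenSSH `known_hosts` format with one line per device, and the host names and key blobs in it are constructed placeholders.

```python
import base64
import hashlib
from collections import defaultdict


def fingerprint(b64_blob):
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    raw = base64.b64decode(b64_blob, validate=True)
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def shared_host_keys(known_hosts_text):
    """Return {(key type, fingerprint): [devices]} for keys on 2+ devices.

    Assumes one known_hosts-format line per device; the comma-separated
    names on a line are aliases of the same device.
    """
    owners = defaultdict(set)
    for line in known_hosts_text.splitlines():
        fields = line.split()
        # Skip blanks, comments, and @cert-authority/@revoked marker lines.
        if not fields or fields[0][0] in "#@":
            continue
        if len(fields) < 3:
            continue  # malformed entry
        device, key_type, blob = fields[:3]
        try:
            owners[(key_type, fingerprint(blob))].add(device)
        except ValueError:
            continue  # key field is not valid base64
    return {k: sorted(v) for k, v in owners.items() if len(v) > 1}


def sample_blob(label):
    # Constructed placeholder bytes, not a real SSH public key.
    return base64.b64encode(label.encode()).decode()


# Constructed inventory: gw-a and gw-b present the same host key.
SAMPLE = "\n".join([
    "# constructed inventory, one line per gateway",
    f"gw-a.example,192.0.2.10 ssh-rsa {sample_blob('key-1')}",
    f"gw-b.example,192.0.2.11 ssh-rsa {sample_blob('key-1')}",
    f"gw-c.example ssh-rsa {sample_blob('key-2')}",
    "gw-d.example ssh-rsa not*base64",
])

if __name__ == "__main__":
    for (key_type, fp), devices in shared_host_keys(SAMPLE).items():
        print(f"{key_type} {fp} shared by: {', '.join(devices)}")
```

Any group it reports is a set of devices presenting the same host key, which after the firmware upgrade should have their keys regenerated.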
