BETA Presented by:
Submit your favorite Philanthropist
venynx jack
Posted March 16, 2019 by venynx jack
Exploitation of vulnerabilities in Moxa industrial switches could disrupt

Positive Technologies experts Ivan Boyko, Vyacheslav Moskvin, and Sergey Fedonin have discovered multiple vulnerabilities in Moxa industrial switches in the EDS-405A, EDS-408A,Wireless EDS-510A, and IKS-G6824A series. These switches are used to build industrial networks for oil and gasgas and transportation, maritime logistics, and numerous industrial sectors.

A vulnerable switch can mean the compromise of the entire industrial network. If ICS components are parts of the body, you can think of network equipment as the arteries that connect them all. So disruption of network interactions could degrade or even stop ICS operations entirely, Paolo Emiliani, Industry and SCADA Research Analyst at Positive Technologies explained.In Moxa series EDS-405A, EDS-408A, and EDS-510A (firmware versions 3.8 and earlier), the Positive Technologies experts discovered five vulnerabilities, three of which are highly dangerous. For instance, an attacker could recover the password from a cookie intercepted over the network or by using Cross-Site Scripting (XSS), extract sensitive information, or brute-force credentials using the proprietary configuration protocol to obtain control over the switch and possibly the entire industrial network.

IKS-G6824A switches (firmware versions 4.5 and earlier) contained seven vulnerabilities. The most dangerous one involved a buffer overflow in the web interface that could be performed without logging in. Exploitation of the vulnerability causes denial of service and potentially remote code execution.In the hands of attackers, the other vulnerabilities could cause a permanent denial of service on the switch, reading of device memory, ability to perform various actions as a legitimate user in the device web interface, and more.

Positive Technologies experts advise disabling all unneeded equipment features (such as the management web interface) immediately after setup. If features cannot be disabled, companies should take preventive action to detect malicious activity with the help of an ICS monitoring and incident reaction solution such as PT Industrial Security Incident Manager (PT ISIM).
No Comments. Login or Signup to be first.