Talos Intelligence has disclosed 17 vulnerabilities in a Moxa industrial router. The company has now rolled out a patch addressing the issues.
The affected router is the industrial EDR-810. It is marketed as a multiport secure router and offers services such as a firewall, virtual private network (VPN) support, network address translation (NAT), and managed Layer 2 switching.
Furthermore, Moxa designed this router for security applications that remotely control and monitor various networks. It is intended to protect critical assets in areas such as water stations, oil and gas stations, and factory automation. The critical assets affected can include systems that pump and treat water, distributed control systems, programmable logic controllers, and supervisory control and data acquisition (SCADA) systems.
Carlos Pancho discovered the series of flaws in the Moxa router, and Cisco Talos subsequently published the details in a blog post. Talos Intelligence rates quite a few of the vulnerabilities as high severity, as they expose the device to denial of service (DoS) attacks and command injection.
The Moxa router's web server and Service Agent functions can be forced into a denial of service: a specially crafted HTTP URI triggers a null pointer dereference, crashing the service.
Attackers can exploit the flaws and use them as backdoors to their own advantage. They could grant themselves elevated privileges and gain root access to the system by sending a specially crafted HTTP POST request to the device. Malicious HTML code can also be injected, which could trick a user into executing it, leading to a far more extensive security breach.
A further four medium-severity issues were discovered, all concerning password transmission through the Service Agent. The issues arose because passwords were either protected with weak encryption or transmitted in cleartext (i.e. readily readable by anyone observing the traffic).
The flaws were discovered in version 4.1 of the EDR-810 firmware in November last year; however, Talos Intelligence states that earlier versions may be affected as well. Moxa published a patch for the affected routers on the 12th of April. According to ZDI, which published a report on the issue in 2017, the 5-month period between the discovery of the flaws and the patch is in line with other patching periods for SCADA systems.
The EDR routers have a history of flaws like those described above. Two years ago, security researcher Maxim Rupp unveiled quite a few high-severity weaknesses that could likewise have led to arbitrary code injection, privilege escalation, and DoS attacks.
Talos Intelligence has also previously discovered issues in Moxa-manufactured systems. For example, last year it published a series of advisories describing over a dozen vulnerabilities in Moxa products.