A newly issued patch plugs more than a dozen vulnerabilities that affect certain versions of an industrial multiport secure router series.
On 13 April, Cisco Talos published a report revealing the security weaknesses as part of a coordinated disclosure strategy with Moxa, an automation solutions provider for companies seeking to get the most out of the Industrial Internet of Things (IIoT).
Carlos Pacho, a vulnerability researcher with Cisco Talos, discovered the vulnerabilities while testing the V4.1 build 17030317 of the Moxa EDR-810 industrial secure router series. This device comes equipped with firewall and VPNs functions that help establish a secure perimeter for critical applications commonly found in industrial environments. Those include supervisory control and data acquisition (SCADA) systems.
It’s possible that multiple versions of the router series are susceptible to the flaws.
Many of the flaws found by Pacho received a CVSS score of 8.8. A few of those bugs (CVE-2017-12120, CVE-2017-12121, CVE-2017-12125, and CVE-2017-14432 – CVE-2017-14434) are command injection weaknesses which enable attackers to escalate privileges and acquire access to a root shell via injecting OS commands. The other vulnerability with that “high” CVSS rating, CVE-2017-12126, is a cross-site request forgery (CSRF) flaw which bad actors can exploit in order to change the device’s configuration.
Some of the other reported vulnerabilities enable malefactors to retrieve the administrative password for the device by inspecting traffic, cause denial-of-service conditions and leak other data.
For more information about the flaws, please view Cisco Talos’s vulnerability reports page.
Moxa has issued an updated firmware version for its industrial router series. It’s urging customers to implement the release as soon as possible. They can also use a series of Snort Rules to detect exploitation attempts of the vulnerabilities.
Organizations should also consider boosting their industrial control system (ICS) security by investing in a solution that provides complete visibility into their industrial network and monitors for anomalous activity. For information on how Tripwire can help in this regard, please click here.