Today the DHS ICS-CERT published a control system security advisory for a privilege escalation vulnerability in the Moxa EDR-810 Industrial Secure Router. The vulnerability was reported by Maxim Rupp. Moxa has produced a new firmware version to mitigate the vulnerability. There is no indication that Rupp has been provided an opportunity to verify the efficacy of the fix.
ICS-CERT reports that a relatively low-skilled attacker could use publicly available information to remotely exploit this vulnerability to escalate privileges, initiate a denial-of-service condition, and execute arbitrary code.