DHS ICS-CERT Updates Moxa Device Advisory

This afternoon DHS ICS-CERT published on their Control Systems Security Program page an updated version of the previously issued Advisory on the MOXA Device Manager buffer overflow vulnerability. The ‘A’ version of the Advisory includes a note about MOXA confirming the vulnerability and announcement that MOXA has/will (by November 11th) release a new version their Device Manager to correct the problem. ICS-CERT now also notes that there is a Metasploit module available for this vulnerability.

The updated advisory includes a modified set of recommendations for mitigating this vulnerability. DHS ICS-CERT recommends:

• Update MDM Version 2.1 to Version 2.3.
• Ensure network protection for the MDM Tool, Gateway, and Agents to protect communications between these systems.
• Encourage asset owners to minimize network exposure for all control system devices. Critical devices should not directly face the Internet. Control system networks and remote devices should be located behind firewalls, and be separate from the business network. If remote access is required, secure methods such as Virtual Private Networks (VPNs) should be utilized.

Once again, as usual, ICS-CERT reminds administrators “that proper impact analysis and risk assessment should be performed prior to taking defensive measures”.