Tuesday, May 24, 2016

ICS-CERT Publishes Moxa Advisory

This afternoon the DHS ICS-CERT published an advisory for control system vulnerabilities in the Moxa MiiNePort serial device server module series. The multiple vulnerabilities were reported by Karn Ganeshen earlier this month on the Full Disclosure mail list. Moxa will reported produce a beta version of a firmware patch in late May 2016.

The reported vulnerabilities include:

• Cleartext storage of sensitive information - CVE-2016-2295;
• Cross-site request forgery - CVE-2016-2285; and
• Weak credential management - CVE-2016-2286

ICS-CERT reports that a relatively unskilled attacker could remotely exploit the vulnerabilities to silently unauthorized actions on the device such as password change, configuration parameter changes, saving modified configuration, and device reboot.

ICS-CERT is reporting that Moxa recommends disabling Ports TCP/80 (HTTP) and TCP/23 (TELNET). The other two affected ports {UDP/161 (SNMP), UDP/4800 (utility), and TCP/4900 (utility)} are needed for remote operation and should be protected.

No comments:

/* Use this with templates/template-twocol.html */