tag:blogger.com,1999:blog-9122514974659083342.post3431126943401758007..comments2024-02-02T22:30:20.736-05:00Comments on Chemical Facility Security News: ICS-CERT Publishes 5 AdvisoriesPJCoylehttp://www.blogger.com/profile/03390039682578324978noreply@blogger.comBlogger1125tag:blogger.com,1999:blog-9122514974659083342.post-64776428650408744122017-02-18T14:49:50.620-05:002017-02-18T14:49:50.620-05:00Hi Patrick -
Please note that the patches do not ...Hi Patrick -<br /><br />Please note that the patches do not fix CVE-2016-9361, at least as of February 2017. I posted a sample exploit here: https://github.com/reidmefirst/MoxaPass . The exploit still works against current versions of firmware for Moxa's NPort 5xxx, 6xxx, MGate MB3xxx, and OnCell devices. It probably affects other devices, too, but we can only afford so many models in our research lab. For the 6xxx line, the exploit can only retrieve SNMP community strings; for all other devices above it can retrieve the administrator password still.<br /><br />Cheers,<br />ReidK. Reid Wightmanhttps://www.blogger.com/profile/16220322640953612515noreply@blogger.com