- These switches are used to build industrial networks for several sectors.
- The switches in the EDS-405A, EDS-408A, EDS-510A, and IKS-G6824A series are impacted by the flaws.
Moxa has released security advisory to fix 12 vulnerabilities found in its industrial switches. These switches are used to build industrial networks for several sectors that include oil & gas, transportation and maritime logistic.
Which switches were affected - According to Positive Technologies and Moxa, the vulnerabilities can result in the compromise of the entire industrial network. The switches that are impacted by the flaws are the switches in the EDS-405A, EDS-408A, EDS-510A, and IKS-G6824A series.
“A vulnerable switch can mean the compromise of the entire industrial network. If ICS components are parts of the body, you can think of network equipment as the arteries that connect them all. So disruption of network interactions could degrade or even stop ICS operations entirely, Paolo Emiliani, Industry and SCADA Research Analyst at Positive Technologies explained.
What are the vulnerabilities - 5 of the 12 vulnerabilities are found impacting the EDS-405A, EDS-408A, and EDS-510A series that used the firmware versions 3.8 and earlier. Three of the five have been rated as highly dangerous.
Citing the risk associated with the vulnerabilities, Emiliani said, “For instance, an attacker could recover the password from a cookie intercepted over the network or by using Cross-Site Scripting (XSS), extract sensitive information, or brute-force credentials using the proprietary configuration protocol to obtain control over the switch and possibly the entire industrial network.”
IKS-G6824A switches that run on firmware version 4.5 and earlier are affected by seven vulnerabilities. The most dangerous one is the buffer overflow vulnerability.
“Exploitation of the vulnerability causes denial of service and potentially remote code execution. In the hands of attackers, the other vulnerabilities could cause permanent denial of service on the switch, reading of device memory, ability to perform various actions as a legitimate user in the device web interface, and more,” Emiliani added.
How to protect yourself - Moxa has published advisory to address the flaws. New firmware versions have been released to fix the issues. In addition, users are also advised to set the web configuration as ‘https only’ to mitigate the predictable session ID problem.