SB2018041804 - Multiple vulnerabilities in Moxa EDR-810

Security Bulletin ID SB2018041804

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 17

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 17 vulnerabilities.

1) OS command injection (CVE-ID: CVE-2017-12120)

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear

The vulnerability allows a remote attacker to inject and execute arbitrary commands with elevated privileges on the target system.

The weakness exists in the web server functionality due to OS command injection. A remote attacker can submit a specially crafted HTTP POST and execute arbitrary commands with root privileges into the ip= parm in the "/goform/net_WebPingGetValue" URI.

2) OS command injection (CVE-ID: CVE-2017-14432)

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear

The vulnerability allows a remote attacker to inject and execute arbitrary commands with elevated privileges on the target system.

The weakness exists in the web server functionality due to OS command injection. A remote attacker can submit a specially crafted HTTP POST and execute arbitrary commands with root privileges in the "/goform/net_Web_get_value" uri.

3) OS command injection (CVE-ID: CVE-2017-14433)

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear

The vulnerability allows a remote attacker to inject and execute arbitrary commands with elevated privileges on the target system.

The weakness exists in the web server functionality due to OS command injection. A remote attacker can submit a specially crafted HTTP POST and execute arbitrary commands with root privileges in the "/goform/net_Web_get_value" uri.

4) OS command injection (CVE-ID: CVE-2017-14434)

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear

The vulnerability allows a remote attacker to inject and execute arbitrary commands with elevated privileges on the target system.

The weakness exists in the web server functionality due to OS command injection. A remote attacker can submit a specially crafted HTTP POST and execute arbitrary commands with root privileges in the "/goform/net_Web_get_value" uri.

5) Weak cryptography for passwords (CVE-ID: CVE-2017-12129)

CWE-ID: CWE-261 - Weak Cryptography for Passwords

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists in the web server functionality due to weak cryptography for passwords. A remote attacker can intercept weakly encrypted passwords and brute force them.

6) OS command injection (CVE-ID: CVE-2017-12121)

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear

The vulnerability allows a remote attacker to inject and execute arbitrary commands with elevated privileges on the target system.

The weakness exists in the web server functionality due to OS command injection. A remote attacker can submit a specially crafted HTTP POST and execute arbitrary commands with root privileges into the rsakey_name= parm in the "/goform/WebRSAKEYGen" uri.

7) Improper input validation (CVE-ID: CVE-2017-14438)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the Service Agent functionality due to improper input validation. A remote attacker can submit a specially crafted packet to 4000/tcp and 4001/tcp and cause the service to crash.

8) Improper input validation (CVE-ID: CVE-2017-14439)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the Service Agent functionality due to improper input validation. A remote attacker can submit a specially crafted packet to 4000/tcp and 4001/tcp and cause the service to crash.

9) NULL pointer dereference (CVE-ID: CVE-2017-14435)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the web server functionality due to NULL pointer dereference. A remote attacker can submit a specially crafted GET request to "/MOXA_LOG.ini, /MOXA_CFG.ini, or /MOXA_CFG2.ini" without a cookie header and cause the service to crash.

10) NULL pointer dereference (CVE-ID: CVE-2017-14436)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the web server functionality due to NULL pointer dereference. A remote attacker can submit a specially crafted GET request to "/MOXA_LOG.ini, /MOXA_CFG.ini, or /MOXA_CFG2.ini" without a cookie header and cause the service to crash.

11) NULL pointer dereference (CVE-ID: CVE-2017-14437)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the web server functionality due to NULL pointer dereference. A remote attacker can submit a specially crafted GET request to "/MOXA_LOG.ini, /MOXA_CFG.ini, or /MOXA_CFG2.ini" without a cookie header and cause the service to crash.

12) Cleartext transmission of sensitive information (CVE-ID: CVE-2017-12123)

CWE-ID: CWE-319 - Cleartext Transmission of Sensitive Information

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists in the web server and telnet functionality due to clear text transmission of password. A remote attacker can look at network traffic to get the admin password for the device, use the credentials to login as admin and gain access to potentially sensitive information.

13) NULL pointer dereference (CVE-ID: CVE-2017-12124)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the web server functionality due to NULL pointer dereference. A remote attacker can submit a specially crafted HTTP URI and cause the service to crash.

14) OS command injection (CVE-ID: CVE-2017-12125)

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear

The vulnerability allows a remote attacker to inject and execute arbitrary commands with elevated privileges on the target system.

The weakness exists in the web server functionality due to OS command injection. A remote attacker can submit a specially crafted HTTP POST and execute arbitrary commands with root privileges into the CN= parm in the "/goform/net_WebCSRGen" uri.

15) Information disclosure (CVE-ID: CVE-2017-12128)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists in the Server Agent functionality due to improper information control. A remote attacker can submit a specially crafted TCP packet and gain access to potentially sensitive information.

16) Cross-site request forgery (CVE-ID: CVE-2017-12126)

CWE-ID: CWE-352 - Cross-Site Request Forgery (CSRF)

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear

The vulnerability allows a remote attacker to conduct cross-site request forgery attack and gain elevated privileges on the target system.

The weakness exists in the web server functionality due to insufficient CSRF protections. A remote attacker can submit a specially crafted HTML and gain root prvileges.

17) Plaintext storage of a password (CVE-ID: CVE-2017-12127)

CWE-ID: CWE-256 - Unprotected Storage of Credentials

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists in the operating system functionality due to plaintext storage of a password. A local attacker can extract passwords in clear text.

Remediation

Install update from vendor's website.

SB2018041804 - Multiple vulnerabilities in Moxa EDR-810

Breakdown by Severity

Description

Remediation

References

Please verify you're human