Multiple vulnerabilities in Moxa EDR-810



Published: 2018-04-18
Risk Low
Patch available YES
Number of vulnerabilities 17
CVE-ID CVE-2017-12120
CVE-2017-14432
CVE-2017-14433
CVE-2017-14434
CVE-2017-12129
CVE-2017-12121
CVE-2017-14438
CVE-2017-14439
CVE-2017-14435
CVE-2017-14436
CVE-2017-14437
CVE-2017-12123
CVE-2017-12124
CVE-2017-12125
CVE-2017-12128
CVE-2017-12126
CVE-2017-12127
CWE-ID CWE-78
CWE-261
CWE-20
CWE-476
CWE-319
CWE-200
CWE-352
CWE-256
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #2 is available.
Public exploit code for vulnerability #3 is available.
Public exploit code for vulnerability #4 is available.
Public exploit code for vulnerability #5 is available.
Public exploit code for vulnerability #6 is available.
Public exploit code for vulnerability #7 is available.
Public exploit code for vulnerability #8 is available.
Public exploit code for vulnerability #9 is available.
Public exploit code for vulnerability #10 is available.
Public exploit code for vulnerability #11 is available.
Public exploit code for vulnerability #12 is available.
Public exploit code for vulnerability #13 is available.
Public exploit code for vulnerability #14 is available.
Public exploit code for vulnerability #15 is available.
Public exploit code for vulnerability #16 is available.
Public exploit code for vulnerability #17 is available.
Vulnerable software
Subscribe
Moxa EDR-810
Server applications / SCADA systems

Vendor Moxa

Security Bulletin

This security bulletin contains information about 17 vulnerabilities.

1) OS command injection

EUVDB-ID: #VU11860

Risk: Low

CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-12120

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to inject and execute arbitrary commands with elevated privileges on the target system.

The weakness exists in the web server functionality due to OS command injection. A remote attacker can submit a specially crafted HTTP POST and execute arbitrary commands with root privileges into the ip= parm in the "/goform/net_WebPingGetValue" URI.

Mitigation

Update to version 4.2.

Vulnerable software versions

Moxa EDR-810: 4.1


CPE2.3 External links

http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0472

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) OS command injection

EUVDB-ID: #VU11861

Risk: Low

CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-14432

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to inject and execute arbitrary commands with elevated privileges on the target system.

The weakness exists in the web server functionality due to OS command injection. A remote attacker can submit a specially crafted HTTP POST and execute arbitrary commands with root privileges in the "/goform/net_Web_get_value" uri.

Mitigation

Update to version 4.2.

Vulnerable software versions

Moxa EDR-810: 4.1


CPE2.3 External links

http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0482

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) OS command injection

EUVDB-ID: #VU11862

Risk: Low

CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-14433

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to inject and execute arbitrary commands with elevated privileges on the target system.

The weakness exists in the web server functionality due to OS command injection. A remote attacker can submit a specially crafted HTTP POST and execute arbitrary commands with root privileges in the "/goform/net_Web_get_value" uri.

Mitigation

Update to version 4.2.

Vulnerable software versions

Moxa EDR-810: 4.1


CPE2.3 External links

http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0482

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

4) OS command injection

EUVDB-ID: #VU11863

Risk: Low

CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-14434

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to inject and execute arbitrary commands with elevated privileges on the target system.

The weakness exists in the web server functionality due to OS command injection. A remote attacker can submit a specially crafted HTTP POST and execute arbitrary commands with root privileges in the "/goform/net_Web_get_value" uri.

Mitigation

Update to version 4.2.

Vulnerable software versions

Moxa EDR-810: 4.1


CPE2.3 External links

http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0482

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

5) Weak cryptography for passwords

EUVDB-ID: #VU11864

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-12129

CWE-ID: CWE-261 - Weak Cryptography for Passwords

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists in the web server functionality due to weak cryptography for passwords. A remote attacker can intercept weakly encrypted passwords and brute force them.

Mitigation

Update to version 4.2.

Vulnerable software versions

Moxa EDR-810: 4.1


CPE2.3 External links

http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0481

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

6) OS command injection

EUVDB-ID: #VU11865

Risk: Low

CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-12121

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to inject and execute arbitrary commands with elevated privileges on the target system.

The weakness exists in the web server functionality due to OS command injection. A remote attacker can submit a specially crafted HTTP POST and execute arbitrary commands with root privileges into the rsakey_name= parm in the "/goform/WebRSAKEYGen" uri.

Mitigation

Update to version 4.2.

Vulnerable software versions

Moxa EDR-810: 4.1


CPE2.3 External links

http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0473

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

7) Improper input validation

EUVDB-ID: #VU11866

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-14438

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the Service Agent functionality due to improper input validation. A remote attacker can submit a specially crafted packet to 4000/tcp and 4001/tcp and cause the service to crash.

Mitigation

Update to version 4.2.

Vulnerable software versions

Moxa EDR-810: 4.1


CPE2.3 External links

http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0487

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

8) Improper input validation

EUVDB-ID: #VU11867

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-14439

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the Service Agent functionality due to improper input validation. A remote attacker can submit a specially crafted packet to 4000/tcp and 4001/tcp and cause the service to crash.

Mitigation

Update to version 4.2.

Vulnerable software versions

Moxa EDR-810: 4.1


CPE2.3 External links

http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0487

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

9) NULL pointer dereference

EUVDB-ID: #VU11868

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-14435

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the web server functionality due to NULL pointer dereference. A remote attacker can submit a specially crafted GET request to "/MOXA_LOG.ini, /MOXA_CFG.ini, or /MOXA_CFG2.ini" without a cookie header and cause the service to crash.

Mitigation

Update to version 4.2.

Vulnerable software versions

Moxa EDR-810: 4.1


CPE2.3 External links

http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0474

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

10) NULL pointer dereference

EUVDB-ID: #VU11869

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-14436

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the web server functionality due to NULL pointer dereference. A remote attacker can submit a specially crafted GET request to "/MOXA_LOG.ini, /MOXA_CFG.ini, or /MOXA_CFG2.ini" without a cookie header and cause the service to crash.

Mitigation

Update to version 4.2.

Vulnerable software versions

Moxa EDR-810: 4.1


CPE2.3 External links

http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0474

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

11) NULL pointer dereference

EUVDB-ID: #VU11870

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-14437

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the web server functionality due to NULL pointer dereference. A remote attacker can submit a specially crafted GET request to "/MOXA_LOG.ini, /MOXA_CFG.ini, or /MOXA_CFG2.ini" without a cookie header and cause the service to crash.

Mitigation

Update to version 4.2.

Vulnerable software versions

Moxa EDR-810: 4.1


CPE2.3 External links

http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0474

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

12) Cleartext transmission of sensitive information

EUVDB-ID: #VU11871

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-12123

CWE-ID: CWE-319 - Cleartext Transmission of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists in the web server and telnet functionality due to clear text transmission of password. A remote attacker can look at network traffic to get the admin password for the device, use the credentials to login as admin and gain access to potentially sensitive information.

Mitigation

Update to version 4.2.

Vulnerable software versions

Moxa EDR-810: 4.1


CPE2.3 External links

http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0475

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

13) NULL pointer dereference

EUVDB-ID: #VU11872

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-12124

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the web server functionality due to NULL pointer dereference. A remote attacker can submit a specially crafted HTTP URI and cause the service to crash.

Mitigation

Update to version 4.2.

Vulnerable software versions

Moxa EDR-810: 4.1


CPE2.3 External links

http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0476

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

14) OS command injection

EUVDB-ID: #VU11873

Risk: Low

CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-12125

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to inject and execute arbitrary commands with elevated privileges on the target system.

The weakness exists in the web server functionality due to OS command injection. A remote attacker can submit a specially crafted HTTP POST and execute arbitrary commands with root privileges into the CN= parm in the "/goform/net_WebCSRGen" uri.

Mitigation

Update to version 4.2.

Vulnerable software versions

Moxa EDR-810: 4.1


CPE2.3 External links

http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0477

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

15) Information disclosure

EUVDB-ID: #VU11874

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-12128

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists in the Server Agent functionality due to improper information control. A remote attacker can submit a specially crafted TCP packet and gain access to potentially sensitive information.

Mitigation

Update to version 4.2.

Vulnerable software versions

Moxa EDR-810: 4.1


CPE2.3 External links

http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0480

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

16) Cross-site request forgery

EUVDB-ID: #VU11875

Risk: Low

CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-12126

CWE-ID: CWE-352 - Cross-Site Request Forgery (CSRF)

Exploit availability: No

Description

The vulnerability allows a remote attacker to conduct cross-site request forgery attack and gain elevated privileges on the target system.

The weakness exists in the web server functionality due to insufficient CSRF protections. A remote attacker can submit a specially crafted HTML and gain root prvileges.

Mitigation

Update to version 4.2.

Vulnerable software versions

Moxa EDR-810: 4.1


CPE2.3 External links

http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0478

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

17) Plaintext storage of a password

EUVDB-ID: #VU11876

Risk: Low

CVSSv3.1: 5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-12127

CWE-ID: CWE-256 - Unprotected Storage of Credentials

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists in the operating system functionality due to plaintext storage of a password. A local attacker can extract passwords in clear text.

Mitigation

Update to version 4.2.

Vulnerable software versions

Moxa EDR-810: 4.1


CPE2.3 External links

http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0479

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###