Multiple vulnerabilities in Moxa IKS and EDS industrial switches
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 12 |
| CVE-ID | CVE-2019-6557 CVE-2019-6561 CVE-2019-6565 CVE-2019-6520 CVE-2019-6524 CVE-2019-6526 CVE-2019-6522 CVE-2019-6518 CVE-2019-6563 CVE-2019-6559 |
| CWE-ID | CWE-120 CWE-352 CWE-79 CWE-284 CWE-799 CWE-319 CWE-125 CWE-256 CWE-287 CWE-20 CWE-121 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Moxa IKS-G6824A Server applications / SCADA systems Moxa EDS-510A Server applications / SCADA systems Moxa EDS-408A Server applications / SCADA systems Moxa EDS-405A Server applications / SCADA systems |
| Vendor | Moxa |
Security Bulletin
This security bulletin contains information about 12 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU17862
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-6557
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can send a specially crafted request to the affected system, trigger buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationRequest updates from vendor's technical support.
Moxa IKS-G6824A: 4.5
External linkshttp://ics-cert.us-cert.gov/advisories/ICSA-19-057-01
http://www.moxa.com/en/support/product-support/security-advisory/eds-405a-series-eds-408a-series-ed...
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Cross-site request forgery
EUVDB-ID: #VU17863
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-6561
CWE-ID:
CWE-352 - Cross-Site Request Forgery (CSRF)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.
MitigationRequest updates from vendor's technical support.
Vulnerable software versionsMoxa IKS-G6824A: 4.5
External linkshttp://ics-cert.us-cert.gov/advisories/ICSA-19-057-01
http://www.moxa.com/en/support/product-support/security-advisory/eds-405a-series-eds-408a-series-ed...
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Cross-site scripting
EUVDB-ID: #VU17864
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-6565
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationRequest updates from vendor's technical support.
Vulnerable software versionsMoxa IKS-G6824A: 4.5
External linkshttp://ics-cert.us-cert.gov/advisories/ICSA-19-057-01
http://www.moxa.com/en/support/product-support/security-advisory/eds-405a-series-eds-408a-series-ed...
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper access control
EUVDB-ID: #VU17865
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-6520
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to sensitive information.
The vulnerability exists due to improper access restrictions in web interface. A remote attacker can gain unauthorized access to sensitive information.
MitigationRequest updates from vendor's technical support.
Vulnerable software versionsMoxa IKS-G6824A: 4.5
External linkshttp://ics-cert.us-cert.gov/advisories/ICSA-19-057-01
http://www.moxa.com/en/support/product-support/security-advisory/eds-405a-series-eds-408a-series-ed...
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper control of interaction frequency
EUVDB-ID: #VU17866
Risk: Medium
CVSSv3.1: 5.5 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-6524
CWE-ID:
CWE-799 - Improper Control of Interaction Frequency
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform brute-force attack.
The vulnerability exists due to the application does not implement sufficient measures to prevent multiple failed authentication attempts, which makes the switches susceptible to brute force attacks.
MitigationRequest updates from vendor's technical support.
Vulnerable software versionsMoxa EDS-510A: 2.6 - 3.8
Moxa EDS-408A: 2.6 - 3.8
Moxa EDS-405A: 2.6 - 3.8
External linkshttp://ics-cert.us-cert.gov/advisories/ICSA-19-057-01
http://www.moxa.com/en/support/product-support/security-advisory/eds-405a-series-eds-408a-series-ed...
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Cleartext transmission of sensitive information
EUVDB-ID: #VU17867
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-6526
CWE-ID:
CWE-319 - Cleartext Transmission of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain sensitive information.
The vulnerability exists due to Moxa EDS industrial switches use proprietary protocols that cannot be disabled. A remote attacker with ability to perform MitM attack can recover an administrator's password from the unlock function.
MitigationRequest updates from vendor's technical support.
Vulnerable software versionsMoxa EDS-510A: 2.6 - 3.8
Moxa EDS-408A: 2.6 - 3.8
Moxa EDS-405A: 2.6 - 3.8
External linkshttp://ics-cert.us-cert.gov/advisories/ICSA-19-057-01
http://www.moxa.com/en/support/product-support/security-advisory/eds-405a-series-eds-408a-series-ed...
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Out-of-bounds read
EUVDB-ID: #VU17868
Risk: Medium
CVSSv3.1: 5 [CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-6522
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can send a specially crafted request to the device, trigger out-of-bounds read error and read contents of memory on the system.
MitigationRequest updates from vendor's technical support.
Vulnerable software versionsMoxa IKS-G6824A: 4.5
External linkshttp://ics-cert.us-cert.gov/advisories/ICSA-19-057-01
http://www.moxa.com/en/support/product-support/security-advisory/eds-405a-series-eds-408a-series-ed...
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Unprotected storage of credentials
EUVDB-ID: #VU17869
Risk: Medium
CVSSv3.1: 5 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-6518
CWE-ID:
CWE-256 - Unprotected Storage of Credentials
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to gain access to sensitive information.
The vulnerability exists due to credentials on device are stored in an insecure manner. A remote authenticated user via web interface can gain access to other users' credentials.
MitigationRequest updates from vendor's technical support.
Vulnerable software versionsMoxa EDS-510A: 2.6 - 3.8
Moxa EDS-408A: 2.6 - 3.8
Moxa EDS-405A: 2.6 - 3.8
External linkshttp://ics-cert.us-cert.gov/advisories/ICSA-19-057-01
http://www.moxa.com/en/support/product-support/security-advisory/eds-405a-series-eds-408a-series-ed...
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Improper Authentication
EUVDB-ID: #VU17870
Risk: Medium
CVSSv3.1: 6.9 [CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-6563
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to authentication cookie is based on MD5 hash of the password. A remote attacker with ability to perform MitM attack can obtain the cookie and recover administrator's password.
Request updates from vendor's technical support.
Vulnerable software versionsMoxa EDS-510A: 2.6 - 3.8
Moxa EDS-408A: 2.6 - 3.8
Moxa EDS-405A: 2.6 - 3.8
External linkshttp://ics-cert.us-cert.gov/advisories/ICSA-19-057-01
http://www.moxa.com/en/support/product-support/security-advisory/eds-405a-series-eds-408a-series-ed...
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Input validation error
EUVDB-ID: #VU17871
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-6559
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to input validation error when processing network packets. A remote attacker can send a specially crafted network packet and perform a denial of service (DoS) attack.
MitigationRequest updates from vendor's technical support.
Vulnerable software versionsMoxa EDS-510A: 2.6 - 3.8
Moxa EDS-408A: 2.6 - 3.8
Moxa EDS-405A: 2.6 - 3.8
External linkshttp://ics-cert.us-cert.gov/advisories/ICSA-19-057-01
http://www.moxa.com/en/support/product-support/security-advisory/eds-405a-series-eds-408a-series-ed...
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Stack overflow
EUVDB-ID: #VU17872
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionRequest updates from vendor's technical support.
Vulnerable software versionsMoxa IKS-G6824A: 4.5
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Improper input validation
EUVDB-ID: #VU17873
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionRequest updates from vendor's technical support.
Vulnerable software versionsMoxa IKS-G6824A: 4.5
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
