Multiple vulnerabilities in Moxa ioPAC 8500 and ioPAC 8600 Series (IEC Models) Controllers
| Risk | Medium |
| Patch available | NO |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2020-25176 CVE-2020-25178 CVE-2020-25180 CVE-2020-25184 |
| CWE-ID | CWE-22 CWE-319 CWE-321 CWE-312 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
ioPAC 8600-CPU30-RJ45-IEC-T Hardware solutions / Routers & switches, VoIP, GSM, etc ioPAC 8600-CPU30-M12-IEC-T Hardware solutions / Routers & switches, VoIP, GSM, etc ioPAC 8500-2-M12-IEC-T Hardware solutions / Routers & switches, VoIP, GSM, etc ioPAC 8500-2-RJ45-IEC-T Hardware solutions / Routers & switches, VoIP, GSM, etc |
| Vendor | Moxa |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Path traversal
EUVDB-ID: #VU53972
Risk: Low
CVSSv3.1: 4.5 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2020-25176
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences within the ISaGRAF eXchange Layer (IXL) protocol. A remote administrator can send a specially crafted HTTP request and read arbitrary files on the system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsioPAC 8600-CPU30-RJ45-IEC-T: 1.2
ioPAC 8600-CPU30-M12-IEC-T: 1.2
ioPAC 8500-2-M12-IEC-T: 1.4
ioPAC 8500-2-RJ45-IEC-T: 1.4
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Cleartext transmission of sensitive information
EUVDB-ID: #VU53975
Risk: Medium
CVSSv3.1: 6.9 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2020-25178
CWE-ID:
CWE-319 - Cleartext Transmission of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to software uses insecure communication channel to transmit sensitive information. A remote attacker can upload, read, and delete files.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsioPAC 8600-CPU30-RJ45-IEC-T: 1.2
ioPAC 8600-CPU30-M12-IEC-T: 1.2
ioPAC 8500-2-M12-IEC-T: 1.4
ioPAC 8500-2-RJ45-IEC-T: 1.4
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use of Hard-coded Cryptographic Key
EUVDB-ID: #VU53979
Risk: Medium
CVSSv3.1: 4.9 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2020-25180
CWE-ID:
CWE-321 - Use of Hard-coded Cryptographic Key
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to disclose sensitive information on the target system.
The vulnerability exists due to use of hard-coded cryptographic key issue. A remote attacker can pass their own encrypted password to the ISaGRAF 5 Runtime, and cause information disclosure on the device.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsioPAC 8600-CPU30-RJ45-IEC-T: 1.2
ioPAC 8600-CPU30-M12-IEC-T: 1.2
ioPAC 8500-2-M12-IEC-T: 1.4
ioPAC 8500-2-RJ45-IEC-T: 1.4
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Cleartext storage of sensitive information
EUVDB-ID: #VU53974
Risk: Low
CVSSv3.1: 5.1 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2020-25184
CWE-ID:
CWE-312 - Cleartext Storage of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to other users' credentials.
The vulnerability exists due to the ISaGRAF Runtime stored credentials in plain text in a configuration file on the system. A local user can view contents of the configuration file and gain access to passwords for 3rd party integration.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsioPAC 8600-CPU30-RJ45-IEC-T: 1.2
ioPAC 8600-CPU30-M12-IEC-T: 1.2
ioPAC 8500-2-M12-IEC-T: 1.4
ioPAC 8500-2-RJ45-IEC-T: 1.4
External linksQ & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
