#VU17867 Cleartext transmission of sensitive information in Moxa products - CVE-2019-6526

Cybersecurity Help s.r.o.

Published: 2019-02-26

Vulnerability identifier: #VU17867

Vulnerability risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-6526

CWE-ID: CWE-319

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Moxa EDS-510A
Server applications / SCADA systems
Moxa EDS-408A
Server applications / SCADA systems
Moxa EDS-405A
Server applications / SCADA systems

Vendor: Moxa

Description

The vulnerability allows a remote attacker to obtain sensitive information.

The vulnerability exists due to Moxa EDS industrial switches use proprietary protocols that cannot be disabled. A remote attacker with ability to perform MitM attack can recover an administrator's password from the unlock function.

Mitigation
Request updates from vendor's technical support.

Vulnerable software versions

Moxa EDS-510A: 2.6 - 3.8

Moxa EDS-408A: 2.6 - 3.8

Moxa EDS-405A: 2.6 - 3.8

External links
https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01
https://www.moxa.com/en/support/product-support/security-advisory/eds-405a-series-eds-408a-series-ed...

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Moxa IKS and EDS industrial switches