Moxa Patches MXsecurity Vulnerabilities That Could Be Exploited in OT Attacks

  Rassegna Stampa, Security
image_pdfimage_print

Organizations using Moxa’s MXsecurity product have been informed about two potentially serious vulnerabilities that could be exploited by malicious hackers targeting operational technology (OT) networks.

MXsecurity is an industrial network security management software designed for OT environments. 

Security researcher Simon Janz discovered recently that the product is impacted by a critical vulnerability that can be exploited remotely to bypass authentication (CVE-2023-33235) and a high-severity flaw in the SSH command-line interface that can lead to remote command execution (CVE-2023-33236).

Moxa patched the security holes with the release of version 1.0.1. The industrial networking, computing and automation solutions provider has published an advisory describing the vulnerabilities. 

Advisories for the two bugs have also been published by the US Cybersecurity and Infrastructure Security Agency (CISA), which noted that the impacted product is used worldwide in multiple sectors, as well as by the Zero Day Initiative (ZDI), which coordinated the disclosure process. 

A Chinese researcher seems to have also found the same vulnerabilities and last week disclosed technical details

The critical vulnerability exists in the configuration of the MXsecurity web-based interface and is related to a hardcoded JWT secret. 

Advertisement. Scroll to continue reading.

Janz told SecurityWeek that an attacker can leverage the hardcoded secret key to forge valid JWT tokens and gain access to the web panel with admin privileges.

In the case of the high-severity vulnerability, the researcher noted that an attacker would need to know or guess SSH admin credentials for exploitation. Once authenticated, the attacker can execute arbitrary commands and gain a foothold in the targeted network. 

Related: Moxa NPort Device Flaws Can Expose Critical Infrastructure to Disruptive Attacks

Related: Moxa MXview Vulnerabilities Expose Industrial Networks to Attacks

Related: Flaws in Moxa Railway Devices Could Allow Hackers to Cause Disruptions

https://www.securityweek.com/moxa-patches-mxsecurity-vulnerabilities-that-could-be-exploited-in-ot-attacks/