Product support

Security Advisories

SUMMARY

EDS-405A Series, EDS-408A Series, EDS-510A Series, and IKS-G6824A Series Ethernet Switches Vulnerabilities

  • Version: 1.0
  • Release Date: Feb 01, 2019

Multiple product vulnerabilities were identified in Moxa’s EDS-405A Series, EDS-408A Series, EDS-510A Series, and IKS-G6824A Series Ethernet Switches. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

EDS-405A Series, EDS-408A Series, and EDS-510A Series

Item Vulnerability Type Impact
1 Plain text storage of a password An authenticated user can execute arbitrary code from the web console.
2 Predictable session ID Moxa EDS industrial switches web server cookie value is not generated with proper encryption. Therefore, an attacker can still reuse it to recover the administrator's password.
3 Missing encryption of sensitive data Moxa EDS industrial switches use proprietary protocols that cannot be disabled, which means an attacker can recover an administrator's password from the unlock function.
4 Improper restriction of excessive authentication attempts Moxa EDS industrial switches do not implement sufficient measures to prevent multiple failed authentication attempts, which makes the switches susceptible to brute force attacks.
5 Resource exhaustion

Moxa EDS industrial switches use proprietary protocols, which allow authenticated users with remote access to cause a denial of service via a specially crafted packet.

 

IKS-G6824A Series

Item Vulnerability Type Impact
1 Plain text storage of a password Improper calculation of length of “User” cookie value leads to stack overflow, which gives an attacker the ability to reboot the device.
2 Buffer overflow in specify parameter Several buffer overflow vulnerabilities can be caused by copying the unregulated contents of specify parameter which may allow remote code execution.
3 Read device memory Failure to properly check array bounds gives attackers the ability to read device memory on arbitrary addresses.
4 Failure to handle corrupted OSPF packets Sending malformed OSPF Hello packets to a vulnerable device results in the device rebooting after 2 or 3 minutes.
5 Multiple XSS

Failure to properly validate user input gives unauthenticated and authenticated attackers the ability to perform XSS attacks on users.

6 Improper web interface access control

The switch has a management web interface. However, the authority is not properly checked from the server side, which results in read-only users being able to alter configurations.

7 Cross-Site Request Forgery Cross-Site Request Forgery (CSRF) occurs when an attacker uses a web browser that has already been authenticated by a user to target a web application.
AFFECTED PRODUCTS AND SOLUTIONS

Affected Products:

The affected products and firmware versions are shown below.

Product Series Affected Versions
EDS-405A Series Firmware Version 3.8 or lower
EDS-408A Series Firmware Version 3.8 or lower
EDS-510A Series Firmware Version 3.8 or lower
IKS-G6824A Series Firmware Version 4.5 or lower

 

Solutions:

Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.

Product Series Solutions
EDS-405A, EDS-408A, and EDS-510A Series

For vulnerability 2, users can set web configuration as "https only". We suggest that customers use “https only” to mitigate the predictable session ID problem.

For vulnerabilities 1, 3, 4, and 5, customers can request a patch firmware.Please contact Moxa Technical Support for assistance.

IKS-G6824A Series

For vulnerabilities 3, 6, and 7, this vulnerability is mainly triggered in the web console. We suggest that users disable the web console access (HTTP) and use other consoles such as SNMP/Telnet/CLI to eliminate this potential vulnerability.

For vulnerabilities 1, 2, 4, and 5, customers can request a patch firmware. Please contact Moxa Technical Support for assistance.

 

Acknowledgment

We would like to thank Mr. Ivan B, Vyacheslav Moskvin and Sergey Fedonin from Positive Technologies for reporting the vulnerabilities, working with us to help enhance the security of our products, and helping us provide a better service to our customers.

 

Revision History:

VERSION DESCRIPTION RELEASE DATE
1.0 First Release Feb 01, 2019

 

Relevant Products

EDS-405A Series · EDS-408A Series · EDS-510A Series · IKS-G6824A Series ·

  •   Print this page
  • You can manage and share your saved list in My Moxa
Let’s Get That Fixed

If you are concerned about a potential cybersecurity vulnerability, please contact us and one of technical support staff will get in touch with you.

Report a Vulnerability
Added To Bag