As of June 15, 2022, this site no longer supports Internet Explorer. Please use another browser for the best experience on our site.

Product support

Security Advisories

SUMMARY

ioPAC 8500 and ioPAC 8600 Series (IEC Models) Controllers Vulnerabilities

  • Version: V1.0
  • Release Date: Dec 01, 2021
  • Reference:
    • CVE-2020-25176, CVE-2020-25178, CVE-2020-25180, CVE-2020-25184
    • KL-CERT-20-022, KL-CERT-20-023, KL-CERT-20-025, KL-CERT-20-026

Multiple product vulnerabilities were identified in Moxa’s ioPAC 8500 Series (IEC models) and ioPAC 8600 Series (IEC models) rugged modular programmable controllers. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item Vulnerability Type Impact
1 Relative path traversal (CWE23) CVE-2020-25176 It is possible for an unauthenticated attacker located remotely to traverse an application’s directory, which could lead to remote code execution.
2 Cleartext transmission of sensitive information (CWE-319) CVE-2020-25178 Data is transferred over this protocol unencrypted, which could allow an attacker located remotely to upload, read, and delete files.
3 Use of hard-coded cryptographic key (CWE-321) CVE-2020-25180 An unauthenticated attacker located remotely could pass their own encrypted password to the ISaGRAF 5 Runtime, which may result in information disclosure on the device.
4 Unprotected storage of credentials (CWE-256) CVE-2020-25184 An unauthenticated attacker at the site could compromise user’s passwords, resulting in information disclosure.
AFFECTED PRODUCTS AND SOLUTIONS

Affected Products

The affected products and firmware versions are shown below.

Product Series Affected Versions
ioPAC 8500-2-RJ45-IEC-T
ioPAC 8500-2-M12-IEC-T
Firmware version 1.4 or lower.
ioPAC 8600-CPU30-M12-IEC-T
ioPAC 8600-CPU30-RJ45-IEC-T
Firmware version 1.2 or lower.

Solutions

Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.

Product Series Solutions
ioPAC 8500-2-RJ45-IEC-T
ioPAC 8500-2-M12-IEC-T
For items 1 and 4:

If a user does not use ISaGRAF to configure or program the ioPAC 8500/8600 Series, then we encourage the user to utilize the built-in firewall to block access on TCP 1113 and TCP 1131 from outside the ioPAC 8500/8600 Series to mitigate the security risk.

If someone uses ISaGRAF to configure or program the ioPAC 8500/8600 Series, then we suggest following the steps below to mitigate security risks

For first initialization:
  1. Program or configure ioPAC 8500/8600 Series via ISaGRAF.
  2. Then, access ioPAC 8500/8600 Series and block access from TCP 1113 port and TCP 1131 port.
  3. Save the firewall rules settings on the ioPAC 8500/8600 Series.
For regular maintenance (re-config):
  1. Access the ioPAC 8500/8600 Series via a secure connection.
  2. Reopen TCP 1113 port and TCP 1131 port.
  3. Re-config the ioPAC 8500/8600 Series via ISaGRAF.
  4. Then, access the ioPAC 8500/8600 Series and block access from TCP 1113 port and TCP 1131 port.
  5. Save the firewall rules settings on the ioPAC 8500/8600 Series.

Below are the instructions for the firewall to block or reopen TCP 1113 port and TCP 1131 port on the ioPAC 8500/8600 Series.(Download Here)

For items 2, 3, and 4:
  • Place the ioPAC 8500/8600 Series behind a firewall and isolate them from the business network.
  • Install physical controls so no unauthorized personnel can access the ioPAC 8500/8600 Series.

Acknowledgment

We would like to express our appreciation to Alexander Nochvay from Kaspersky Lab ICS CERT for reporting the vulnerability, working with us to help enhance the security of our products, and helping us provide a better service to our customers.

Revision History

Version Description Release Date
1.0 First Release Dec 01, 2021
  •   Print this page
  • You can manage and share your saved list in My Moxa
Let’s get that fixed

If you are concerned about a potential cybersecurity vulnerability, please contact us and one of technical support staff will get in touch with you.

Report a Vulnerability
Added To Bag
Feedback