Vulnerabilities in industrial Ethernet switches allow for credential theft, denial-of-service attacks

Industrial Ethernet switches from Moxa were found to lack basic security measures, making it possible to brute-force access to the switch management console, according to Positive Technologies.

Multiple vulnerabilities were discovered in industrial-grade Ethernet switches manufactured by Moxa, allowing malicious actors to commandeer the switches or create denial-of-service attacks, according to researchers at Positive Technologies. The switches are intended for deployment in critical energy and transportation infrastructures, as well as general manufacturing or industrial use cases.

The Moxa EDS-405A series, EDS-408A series, EDS-510A series, and IKS-G6824A series Ethernet switches were found to be vulnerable. Based on the number and extent of the vulnerabilities, few if any practical security measures were considered in the design of the managed switches, as passwords are stored in plain text, according to the research.

SEE: Research: Why Industrial IoT deployments are on the rise (Tech Pro Research)

For the vulnerable EDS switches, the session ID for the web interface is predictable, further making it possible to recover passwords. Likewise, the use of proprietary protocols allow for password recovery and denial-of-service attacks. The EDS routers additionally lack “sufficient measures,” according to Moxa, to prevent multiple failed authentication attempts, making it possible to launch brute-force attacks.

In the IKS-G6824A series, according to researchers, the most dangerous vulnerability “involved a buffer overflow in the web interface that could be performed without logging in. Exploitation of the vulnerability causes denial of service and potentially remote code execution. In the hands of attackers, the other vulnerabilities could cause permanent denial of service on the switch, reading of device memory, ability to perform various actions as a legitimate user in the device web interface, and more.”

Moxa has issued firmware patches for the affected switches, though these are not directly downloadable—they require contacting technical support in order to receive. On the EDS switches, Moxa recommends changing configuration to HTTPS-only access for the management console. On the IKS-G6824A switches, the company claims issues not patched in firmware are “mainly triggered” in the web console, and that users disable it in favor of using “other consoles such as SNMP/Telnet/CLI,” which is quite likely the first time this decade that a vendor has recommended Telnet to increase security.

Vulnerabilities in networking equipment deployed for critical infrastructure are a national security risk. For more, check out TechRepublic’s cheat sheet on Cyberwar, the 5 biggest IoT security failures of 2018, and how AI, supply chain, and IoT risks will dominate the 2019 cyberthreat landscape.

Also see

istock-666467640.jpg

ChakisAtelier, Getty Images/iStockphoto

Be the first to comment

Leave a Reply

Your email address will not be published.


*