Positive Technologies experts found a critical vulnerability in Moxa’s industrial wireless converters

Positive Technologies experts have described the vulnerability CVE-2024-1220 (BDU:2024-01811), found in Moxa industrial wireless converters. The vulnerability was discovered in NPort W2150a and W2250a converters. These devices connect industrial controllers, meters and sensors to a local Wi-Fi network. Wireless access is necessary for monitoring equipment located, for example, on moving objects (containers, elevators, robots) or in aggressive environments (chemical and metallurgical production), the press service of the information security company told Habr's information service. The vendor was notified of the threat as part of its responsible disclosure policy. The vulnerability received a score of 8.2 out of 10 on the CVSS v3.1 scale.

CVE-2024-1220 was found in device firmware v2.3. The company has already fixed the vulnerability by releasing a new version of the software. To eliminate the vulnerability, IT experts recommend installing the new version of the firmware.

According to Volodymyr Razov, a specialist in the Positive Technologies web application security analysis group, such vulnerabilities can be exploited by internal attackers or by guests at the enterprise, for example partners or interview candidates. In some cases, these could be attackers who use powerful antennas to amplify the wireless signal and attack the enterprise from beyond its physical perimeter. Attackers can also take over the device (laptop, smartphone) of an employee of the industrial facility, the office or the facilities department in order to exploit vulnerabilities. For such attacks, however, the attackers would still need to compromise the access points to which the Moxa converters are connected.

With CVE-2024-1220, an attacker on the same network as a vulnerable Moxa NPort W2150a or W2250a converter could execute arbitrary code on the device without authorization and gain full access to it. To gain access, it is enough to send a special request to the device, after which commands could be sent through the converter to connected industrial controllers and other equipment.