MOXA EDR-G903 Series Multiple Vulnerabilities
Low Risk | ICS-CERT ICSA-13-042-01 | Nov 15, 2013
Summary
Moxa EDR-G903 series routers contain multiple vulnerabilities related to weak random number generation (CWE-331) for cryptographic operations and insecure credential management (CWE-259). These issues could allow an attacker on the network to bypass authentication and gain unauthorized administrative access to the router. All versions of the EDR-G903 series are affected, and no vendor patch is available. The vulnerabilities reside in the device's core authentication and encryption mechanisms.
What this means
What could happen
An attacker with network access to an EDR-G903 router could use weak cryptographic practices or insecure credential storage to gain unauthorized access, potentially allowing them to redirect traffic, disrupt communications, or gain a foothold into your operational network.
Who's at risk
Water authorities and electric utilities using Moxa EDR-G903 series routers for remote site connectivity, SCADA data aggregation, or industrial network routing should be concerned. This affects any facility relying on these routers for secure communication between substations, pump stations, or remote terminal units (RTUs).
How it could be exploited
An attacker with a network path to the EDR-G903 could exploit weak random number generation (CWE-331) or hardcoded/easily guessable credentials (CWE-259) to bypass authentication, gain administrative access to the router, and reconfigure network routing or filtering rules.
Prerequisites
- Network access to the EDR-G903 router (direct or via network path)
- No special privileges or user authentication required for initial exploitation of weak cryptography
- Physical or logical access to the device may be needed depending on how credentials are exposed
- No patch available
- Weak cryptography (CWE-331)
- Insecure credential storage (CWE-259)
- Affects industrial routers used in critical OT networks
Exploitability
Low exploit probability (EPSS 0.8%)
Affected products (1)
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| EDR-G903 series routers: vers:all/* | All versions | No fix (EOL) |
Remediation & Mitigation
Do now
- HARDENING: Isolate EDR-G903 routers from untrusted networks using firewall rules and network segmentation; restrict administrative access to trusted engineering workstations only
- WORKAROUND: If the device supports it, change any default or weak credentials to strong, unique passwords and disable unnecessary remote management protocols
Mitigations - no patch available
EDR-G903 series routers (vers:all/*) have reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Monitor the device for unauthorized access attempts and unusual configuration changes
- HARDENING: Evaluate replacement of end-of-life EDR-G903 units with current Moxa router models that receive security updates
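The access-restriction and monitoring controls above can be checked from collected router logs. The following is an added example, not part of the original advisory or any Moxa tooling: it flags repeated login failures and any administrative login or configuration change that comes from outside the trusted engineering subnet. The log format, device name, addresses and threshold are constructed assumptions; the EDR-G903's real syslog output will need its own pattern.

```python
import ipaddress
import re
from collections import Counter

# Assumptions (constructed): trusted engineering subnet and alert threshold.
TRUSTED_ADMIN_NETS = [ipaddress.ip_network("10.20.30.0/28")]
FAILED_LOGIN_THRESHOLD = 3

# Constructed log format, not the EDR-G903's real syslog output:
#   <timestamp> <device> event=<name> user=<user> src=<ip>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<dev>\S+) event=(?P<event>\w+) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample lines for illustration only.
SAMPLE_LOG = """\
2024-01-01T02:10:01Z rtr-pump7 event=login_fail user=admin src=192.0.2.44
2024-01-01T02:10:03Z rtr-pump7 event=login_fail user=admin src=192.0.2.44
2024-01-01T02:10:05Z rtr-pump7 event=login_fail user=admin src=192.0.2.44
2024-01-01T02:10:09Z rtr-pump7 event=login_ok user=admin src=192.0.2.44
2024-01-01T02:11:30Z rtr-pump7 event=config_change user=admin src=192.0.2.44
2024-01-01T08:00:12Z rtr-pump7 event=login_ok user=admin src=10.20.30.5
2024-01-01T08:02:40Z rtr-pump7 event=config_change user=admin src=10.20.30.5
"""

def is_trusted(src):
    """True only if src parses as an IP inside a trusted admin network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source is treated as untrusted
    return any(addr in net for net in TRUSTED_ADMIN_NETS)

def analyze(log_text):
    """Return (alert, device, source) tuples in the order they fire."""
    alerts, fails = [], Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        event, dev, src = m["event"], m["dev"], m["src"]
        if event == "login_fail":
            fails[dev, src] += 1
            if fails[dev, src] == FAILED_LOGIN_THRESHOLD:
                alerts.append(("repeated_login_failure", dev, src))
        elif event in ("login_ok", "config_change") and not is_trusted(src):
            alerts.append((event + "_from_untrusted_source", dev, src))
    return alerts
```

Calling `analyze(SAMPLE_LOG)` yields three alerts for the 192.0.2.44 session and none for the trusted workstation at 10.20.30.5.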
CVEs (2)