Moxa MiiNePort Vulnerabilities

Plan PatchCVSS 9.6ICS-CERT ICSA-16-145-01AFeb 25, 2016

Moxa

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Moxa MiiNePort series (E1, E2, E3 models) contain multiple vulnerabilities related to insecure credential storage (CWE-312), cross-site request forgery (CWE-352), and weak authentication (CWE-287). The vulnerabilities allow attackers to extract sensitive information, bypass authentication mechanisms, and perform unauthorized actions on affected devices. Affected firmware versions include E1 models running 1.1.10 Build 09120714, E2 models running 1.1 Build 10080614, and E3 models running 1.0 Build 11071409.

What this means

What could happen

An attacker could gain unauthorized access to the MiiNePort serial device server, extract stored credentials, and issue commands to connected industrial equipment without proper authentication. This could allow unauthorized configuration changes, data theft, or disruption of serial communications to critical control devices.

Who's at risk

Water utilities, electric utilities, and other industrial facilities using Moxa MiiNePort serial device servers for SCADA communications, PLC connectivity, and remote terminal unit (RTU) management. These devices are commonly deployed to provide remote serial access to legacy control equipment that lacks native network interfaces.

How it could be exploited

An attacker with network access to the MiiNePort web interface or serial port can exploit weak authentication (CWE-287) to bypass login controls. Alternatively, they can craft a malicious request or extract plaintext credentials from the device storage (CWE-312) to gain administrative access. Once authenticated, the attacker can reconfigure the device or proxy commands to downstream serial-connected equipment.

Prerequisites

Network access to the MiiNePort device web interface (default ports 80 or 443)
No valid credentials required for initial exploitation due to weak authentication
User interaction may be required for CSRF attacks (CWE-352)

Remotely exploitableNo authentication requiredLow complexity attackNo patch availableHigh CVSS score (9.6)Affects industrial control systems

Exploitability

Unlikely to be exploited — EPSS score 0.8%

Affected products (5)

5 EOL

ProductAffected VersionsFix Status

MiiNePort_E1_7080: Firmware_1.1.10_Build_09120714Firmware 1.1.10 Build 09120714No fix (EOL)

MiiNePort_E1_4641: Firmware_1.1.10_Build_09120714Firmware 1.1.10 Build 09120714No fix (EOL)

MiiNePort_E2_1242: Firmware_1.1_Build_10080614Firmware 1.1 Build 10080614No fix (EOL)

MiiNePort_E2_4561: Firmware_1.1_Build_10080614Firmware 1.1 Build 10080614No fix (EOL)

MiiNePort E3: Firmware_1.0_Build_11071409Firmware 1.0 Build 11071409No fix (EOL)

Remediation & Mitigation

0/5

Do now

0/2

HARDENINGRestrict network access to MiiNePort devices using firewall rules; allow only authorized engineering workstations and SCADA networks

HARDENINGDisable remote web interface access if not operationally required; configure local-only management or use out-of-band management networks

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HARDENINGMonitor MiiNePort devices for unauthorized access attempts and configuration changes through logs and network sensors

HOTFIXContact Moxa support to inquire about firmware updates or end-of-life status, as no patches are currently available

Mitigations - no patch available

0/1

The following products have reached End of Life with no planned fix: MiiNePort_E1_7080: Firmware_1.1.10_Build_09120714, MiiNePort_E1_4641: Firmware_1.1.10_Build_09120714, MiiNePort_E2_1242: Firmware_1.1_Build_10080614, MiiNePort_E2_4561: Firmware_1.1_Build_10080614, MiiNePort E3: Firmware_1.0_Build_11071409. Apply the following compensating controls:

HARDENINGDeploy network segmentation to isolate MiiNePort devices in a restricted industrial zone with limited external connectivity

CVEs (3)

CVE-2016-2295 CVE-2016-2285 CVE-2016-2286

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/d2ca2f2b-af64-4573-bef1-cd05a0d4a85b

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.