Moxa MiiNePort Vulnerabilities
Act Now9.6ICS-CERT ICSA-16-145-01AFeb 25, 2016
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary
Moxa MiiNePort series (E1, E2, E3 models) contain multiple vulnerabilities related to insecure credential storage (CWE-312), cross-site request forgery (CWE-352), and weak authentication (CWE-287). The vulnerabilities allow attackers to extract sensitive information, bypass authentication mechanisms, and perform unauthorized actions on affected devices. Affected firmware versions include E1 models running 1.1.10 Build 09120714, E2 models running 1.1 Build 10080614, and E3 models running 1.0 Build 11071409.
What this means
What could happen
An attacker could gain unauthorized access to the MiiNePort serial device server, extract stored credentials, and issue commands to connected industrial equipment without proper authentication. This could allow unauthorized configuration changes, data theft, or disruption of serial communications to critical control devices.
Who's at risk
Water utilities, electric utilities, and other industrial facilities using Moxa MiiNePort serial device servers for SCADA communications, PLC connectivity, and remote terminal unit (RTU) management. These devices are commonly deployed to provide remote serial access to legacy control equipment that lacks native network interfaces.
How it could be exploited
An attacker with network access to the MiiNePort web interface or serial port can exploit weak authentication (CWE-287) to bypass login controls. Alternatively, they can craft a malicious request or extract plaintext credentials from the device storage (CWE-312) to gain administrative access. Once authenticated, the attacker can reconfigure the device or proxy commands to downstream serial-connected equipment.
Prerequisites
- Network access to the MiiNePort device web interface (default ports 80 or 443)
- No valid credentials required for initial exploitation due to weak authentication
- User interaction may be required for CSRF attacks (CWE-352)
Remotely exploitableNo authentication requiredLow complexity attackNo patch availableHigh CVSS score (9.6)Affects industrial control systems
Exploitability
Low exploit probability (EPSS 0.8%)
Affected products (5)
5 EOL
ProductAffected VersionsFix Status
MiiNePort_E1_7080: Firmware_1.1.10_Build_09120714Firmware 1.1.10 Build 09120714No fix (EOL)
MiiNePort_E1_4641: Firmware_1.1.10_Build_09120714Firmware 1.1.10 Build 09120714No fix (EOL)
MiiNePort_E2_1242: Firmware_1.1_Build_10080614Firmware 1.1 Build 10080614No fix (EOL)
MiiNePort_E2_4561: Firmware_1.1_Build_10080614Firmware 1.1 Build 10080614No fix (EOL)
MiiNePort E3: Firmware_1.0_Build_11071409Firmware 1.0 Build 11071409No fix (EOL)
Remediation & Mitigation
0/5
Do now
0/2HARDENINGRestrict network access to MiiNePort devices using firewall rules; allow only authorized engineering workstations and SCADA networks
HARDENINGDisable remote web interface access if not operationally required; configure local-only management or use out-of-band management networks
Schedule — requires maintenance window
0/2Patching may require device reboot — plan for process interruption
HARDENINGMonitor MiiNePort devices for unauthorized access attempts and configuration changes through logs and network sensors
HOTFIXContact Moxa support to inquire about firmware updates or end-of-life status, as no patches are currently available
Mitigations - no patch available
0/1The following products have reached End of Life with no planned fix: MiiNePort_E1_7080: Firmware_1.1.10_Build_09120714, MiiNePort_E1_4641: Firmware_1.1.10_Build_09120714, MiiNePort_E2_1242: Firmware_1.1_Build_10080614, MiiNePort_E2_4561: Firmware_1.1_Build_10080614, MiiNePort E3: Firmware_1.0_Build_11071409. Apply the following compensating controls:
HARDENINGDeploy network segmentation to isolate MiiNePort devices in a restricted industrial zone with limited external connectivity
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/d2ca2f2b-af64-4573-bef1-cd05a0d4a85b