Moxa EDR-810 Industrial Secure Router Privilege Escalation Vulnerability
Monitor | 7.5 | ICS-CERT ICSA-16-294-01 | Jul 24, 2016
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Moxa EDR-810 industrial secure router (firmware versions before V3.13) contains an improper privilege control vulnerability (CWE-284) that allows remote attackers without credentials to gain administrative access to the device. The vulnerability enables modification of router configuration, potential interception of industrial control traffic, and disruption of critical communications between plant systems.
What this means
What could happen
An attacker on the network can gain administrative privileges on the Moxa EDR-810 industrial router without providing credentials, allowing them to alter routing configurations, redirect traffic, or intercept plant communications.
Who's at risk
Manufacturing facilities that rely on Moxa EDR-810 industrial routers for plant network connectivity and SCADA communications should be concerned. This affects any site where the router handles connections between control networks and remote monitoring/HMI systems, as well as any industrial environment using this router as a secure gateway or VPN appliance.
How it could be exploited
An attacker with network access to the Moxa EDR-810 can exploit improper privilege controls (CWE-284) to escalate to administrative access without authentication. Once elevated, the attacker can modify router settings, access sensitive plant data, or disrupt network traffic between control systems.
Prerequisites
- Network reachability to the EDR-810's management interface or service ports
- No credentials or authentication required
- Remotely exploitable
- No authentication required
- Low complexity attack
- No patch available
- Privilege escalation to full administrative control
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product | Affected Versions | Fix Status
EDR-810 firmware: <V3.13 | <V3.13 | No fix (EOL)
Remediation & Mitigation
Do now
- HARDENING: Implement network segmentation and firewall rules to restrict access to the EDR-810's management interfaces from untrusted networks
- HARDENING: Monitor router logs and traffic for unauthorized configuration changes or suspicious administrative access
Mitigations - no patch available
EDR-810 firmware: <V3.13 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Isolate the EDR-810 on a protected management network accessible only from authorized engineering workstations
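One way to verify the isolation and monitoring controls above against firewall or flow records, as an added example (not from the advisory or the vendor). The router address, workstation subnet, management port list and flow-record format are all assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import Counter

# Assumed values for illustration; none of these come from the advisory.
ROUTER_MGMT_IP = ipaddress.ip_address("192.0.2.10")          # EDR-810 management address (placeholder)
AUTHORIZED_NETS = [ipaddress.ip_network("198.51.100.0/28")]  # engineering workstations (placeholder)
MGMT_PORTS = {22, 23, 80, 443, 161}  # assumed management services: SSH, Telnet, HTTP(S), SNMP

# Constructed flow records: "timestamp src_ip dst_ip dst_port proto action"
SAMPLE_FLOWS = """\
2024-05-01T08:00:01Z 198.51.100.5 192.0.2.10 443 tcp allow
2024-05-01T08:03:17Z 203.0.113.77 192.0.2.10 443 tcp allow
2024-05-01T08:03:40Z 203.0.113.77 192.0.2.10 23 tcp deny
2024-05-01T08:05:02Z 198.51.100.9 192.0.2.10 502 tcp allow
malformed line
2024-05-01T08:09:55Z 10.20.30.40 192.0.2.10 161 udp allow
2024-05-01T08:10:00Z 10.20.30.40 192.0.2.99 443 tcp allow
"""

def is_authorized(src):
    return any(src in net for net in AUTHORIZED_NETS)

def find_violations(flow_text):
    """Return flows that reached (or tried to reach) the router's management
    ports from outside the authorized workstation networks."""
    violations = []
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed records rather than abort the audit
        ts, src, dst, port, proto, action = parts
        try:
            src_ip, dst_ip, dport = ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port)
        except ValueError:
            continue  # unparseable address or port
        if dst_ip == ROUTER_MGMT_IP and dport in MGMT_PORTS and not is_authorized(src_ip):
            violations.append({"time": ts, "src": src, "port": dport, "proto": proto, "action": action})
    return violations

def summarize(violations):
    """'allow' means segmentation failed; 'deny' means it held but the interface was probed."""
    return Counter(v["action"] for v in violations)

if __name__ == "__main__":
    found = find_violations(SAMPLE_FLOWS)
    for v in found:
        print(v)
    print(dict(summarize(found)))
```

Any "allow" finding means the management interface is reachable from an unauthorized source and the firewall rules need tightening; "deny" findings are worth reviewing as access attempts.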
CVEs (1)