Moxa MiiNePort Session Hijack Vulnerabilities

Monitor5.3ICS-CERT ICSA-16-343-01Sep 11, 2016

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Moxa MiiNePort E1, E2, and E3 serial-to-Ethernet converters contain session hijacking vulnerabilities in their web-based management interfaces. The devices fail to properly protect session identifiers, allowing an attacker with network access to reuse or steal active session tokens. This permits unauthorized access to device configuration and management functions without valid credentials. Affected models are: MiiNePort E1 (all versions before 1.8), MiiNePort E2 (all versions before 1.4), and MiiNePort E3 (all versions before 1.1).

What this means

What could happen

An attacker on the network could hijack existing sessions to the MiiNePort device without needing valid credentials, potentially gaining unauthorized access to device configuration and management functions.

Who's at risk

Water authorities, electric utilities, and other critical infrastructure operators using Moxa MiiNePort E-series serial-to-Ethernet converters for legacy equipment connectivity and remote management should assess their exposure. These devices are commonly deployed in SCADA networks and field sites where they bridge serial instruments (RTUs, PLCs, flow meters) to IP networks.

How it could be exploited

An attacker with network access to the MiiNePort device identifies an active session cookie or session token in transit or stored insecurely. The attacker then reuses or replays the session token to impersonate a legitimate user and access the device's management interface without authentication.

Prerequisites

Network access to the MiiNePort device management port (typically HTTP/HTTPS)
An existing active session on the device (user or administrator logged in)
Ability to intercept or observe session tokens on the network

remotely exploitableno authentication requiredlow complexityno patch availablesession fixation weakness

Exploitability

Low exploit probability (EPSS 0.3%)

Affected products (3)

3 EOL

ProductAffected VersionsFix Status

MiiNePort E1: <1.8<1.8No fix (EOL)

MiiNePort E2: <1.4<1.4No fix (EOL)

MiiNePort E3: <1.1<1.1No fix (EOL)

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDDeploy a firewall or access control rule to block direct management port access from untrusted network segments

Mitigations - no patch available

0/3

The following products have reached End of Life with no planned fix: MiiNePort E1: <1.8, MiiNePort E2: <1.4, MiiNePort E3: <1.1. Apply the following compensating controls:

HARDENINGImplement network segmentation to restrict access to MiiNePort management interfaces to authorized engineering workstations and administrative networks only

HARDENINGUse a VPN or jump host for out-of-band management of MiiNePort devices

HARDENINGMonitor network traffic for suspicious session activity and unauthorized device access attempts

CVEs (2)

CVE-2016-9344 CVE-2016-9346

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/9bcb19f8-73f2-4f3e-991c-3b7f223a1ee6