Moxa DACenter Vulnerabilities

Plan Patch8.8ICS-CERT ICSA-16-348-02Sep 16, 2016

Attack VectorLocal

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

Moxa DACenter versions 1.4 and earlier contain privilege escalation vulnerabilities (CWE-400, CWE-428) that allow local authenticated users to gain elevated privileges and execute arbitrary code. The vulnerability arises from improper input validation and resource management, potentially enabling an attacker with local system access to run commands with supervisor-level rights and modify system behavior or data integrity. No patch has been made available by the vendor.

What this means

What could happen

An attacker with local access to a Moxa DACenter device could execute arbitrary code with high privileges, potentially gaining control over data acquisition and supervisory functions in SCADA and monitoring systems.

Who's at risk

Water and electric utilities using Moxa DACenter for remote data acquisition, SCADA frontend communication, or environmental monitoring should assess their exposure. DACenter is commonly deployed to collect readings from sensors, PLCs, and field devices in process automation and critical infrastructure networks.

How it could be exploited

An attacker with a user account on the DACenter system (or who obtains local access via physical proximity, social engineering, or credential compromise) can exploit privilege escalation vulnerabilities to run arbitrary commands with elevated privileges, allowing them to modify data collection parameters, inject false sensor readings, or disrupt system operations.

Prerequisites

Local access to DACenter device or valid user-level credentials
Ability to execute code or scripts on the system (command shell access)

Local privilege escalationHigh CVSS score (8.8)No patch availableAffects SCADA/monitoring systems

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (1)

ProductAffected VersionsFix Status

DACenter: <=1.4≤ 1.4No fix (EOL)

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGRestrict local access to DACenter devices to authorized personnel only; implement strict physical security controls and access logging for any machines running DACenter

HARDENINGImplement network-level segmentation to limit which systems and users can reach DACenter devices; use firewall rules to restrict administration to specific engineering workstations

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGMonitor DACenter logs for unusual privilege escalation or command execution attempts

Mitigations - no patch available

0/1

DACenter: <=1.4 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGPlan migration away from DACenter 1.4 and earlier to a patched or alternative data acquisition platform with active vendor support

CVEs (2)

CVE-2016-9354 CVE-2016-9356

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/aa80a542-53eb-4ccf-bb0a-9fedbf504bd2