OTPulse

Moxa EDR 810 Series

Plan Patch · CVSS 7.2 · ICS-CERT ICSA-19-274-03 · Oct 1, 2019
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary

The Moxa EDR-810 industrial router (firmware versions 5.1 and earlier) contains input validation and access control vulnerabilities (CWE-20, CWE-284) that allow an authenticated attacker to execute arbitrary code or access sensitive information. The vulnerabilities enable a threat actor with high privileges to bypass security controls and compromise the confidentiality, integrity, and availability of the device and any systems it connects to.

What this means
What could happen
An attacker with high-level administrative access could execute arbitrary commands on the EDR-810 router or access sensitive configuration data, potentially disrupting network communication for connected industrial devices.
Who's at risk
Organizations operating Moxa EDR-810 industrial routers in water utilities, power systems, or other critical infrastructure should be aware. The EDR-810 is commonly deployed as an edge router to connect remote sites (pump stations, substations, wells) to the main control network. Compromise of this device can affect all connected field devices.
How it could be exploited
An attacker with administrative credentials (or who gains them through a separate compromise) can exploit input validation or access control flaws to execute arbitrary code on the EDR-810. This could allow them to modify network traffic, redirect communications from PLCs or HMIs, or extract credentials stored on the device.
Prerequisites
  • Administrator-level credentials or prior compromise of an admin account
  • Network access to the EDR-810 management interface (typically port 80/443 or SSH)
  • Requires administrative credentials
  • No patch available for older firmware versions
  • Affects network infrastructure devices that other control systems depend on
  • Low EPSS score (4.9%) but input validation flaws can be discovered by attackers
Exploitability
Moderate exploit probability (EPSS 4.9%)
Affected products (1)
Product: EDR-810: All
Affected Versions: ≤ 5.1
Fix Status: 5.2 or later
Remediation & Mitigation
Do now
WORKAROUND: Restrict administrative access to the EDR-810 to authorized engineering workstations only; disable or firewall remote management ports from the business network
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade EDR-810 firmware to version 5.2 or later
Long-term hardening
HARDENING: Isolate the EDR-810 and connected control system network behind a firewall; ensure the device is not reachable from the Internet or business network without explicit authorization
HARDENING: Implement network segmentation to separate the control system network (where the EDR-810 resides) from the business/IT network
HARDENING: If remote access to the EDR-810 is required, use a VPN and enforce multi-factor authentication for administrative accounts
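
One way to verify the workaround and the upgrade across a fleet, as an added example that is not part of the original advisory or Moxa's tooling: it flags inventory entries below the fixed firmware 5.2 and lists which management ports answer from the host it runs on. The inventory layout, the firmware string format, SSH on port 22 and all sample values are assumptions.

```python
import socket

FIXED_VERSION = (5, 2)       # advisory: fixed in firmware 5.2 or later
MGMT_PORTS = (80, 443, 22)   # advisory: 80/443 or SSH (22 is the assumed SSH port)

def parse_version(text):
    """Turn '5.1', 'v5.1' or '5.1 Build 1234' into a comparable tuple."""
    fields = text.strip().lstrip("vV").split()
    if not fields:
        raise ValueError("empty firmware string")
    return tuple(int(part) for part in fields[0].split("."))

def needs_upgrade(firmware):
    """True when the firmware is older than the fixed release."""
    return parse_version(firmware) < FIXED_VERSION

def tcp_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds from this vantage."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit(inventory, probe=tcp_open):
    """Report, per device, whether it needs the upgrade and which
    management ports answer from where this script is running."""
    report = []
    for dev in inventory:
        report.append({
            "name": dev["name"],
            "needs_upgrade": needs_upgrade(dev["firmware"]),
            "exposed_mgmt_ports": [p for p in MGMT_PORTS if probe(dev["host"], p)],
        })
    return report

# Constructed inventory (names, TEST-NET addresses and versions are made up).
SAMPLE_INVENTORY = [
    {"name": "pump-station-3", "host": "192.0.2.10", "firmware": "5.1"},
    {"name": "substation-7", "host": "192.0.2.11", "firmware": "v5.2 Build 1234"},
]
# Constructed probe results standing in for real checks in this offline demo.
SAMPLE_OPEN = {("192.0.2.10", 443)}

def sample_probe(host, port):
    return (host, port) in SAMPLE_OPEN

if __name__ == "__main__":
    # Run from a business-network host; pass no probe to do real TCP checks.
    for row in audit(SAMPLE_INVENTORY, probe=sample_probe):
        print(row)
```

Run from a business-network host, an empty `exposed_mgmt_ports` list for every device is the expected result once the workaround is in place.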
Moxa EDR 810 Series | CVSS 7.2 - OTPulse