OTPulse

Moxa MXsecurity Series

Act Now · CVSS 9.8 · ICS-CERT ICSA-23-145-01 · May 31, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Moxa MXsecurity Series Software contains two vulnerabilities that allow an unauthorized user to bypass authentication (CWE-798) or execute arbitrary commands on the device (CWE-77). Both vulnerabilities are remotely exploitable with no authentication required and low attack complexity. The vulnerabilities affect version v1.0.

What this means
What could happen
An attacker on your network could gain unauthorized access to the MXsecurity appliance and run arbitrary commands, potentially taking control of security functions, accessing protected assets, or disrupting network monitoring and enforcement capabilities.
Who's at risk
Network security appliances and industrial network monitoring tools. Any organization using Moxa MXsecurity Series for network access control, packet inspection, or industrial protocol filtering should be concerned.
How it could be exploited
An attacker sends a specially crafted remote request to the MXsecurity device to bypass authentication controls and inject arbitrary commands. No valid credentials or prior network authentication is required. Once command execution is achieved, the attacker has full control of the security appliance.
Prerequisites
  • Network access to the MXsecurity device (port and service unspecified in advisory)
  • No authentication required
Remotely exploitable · No authentication required · Low complexity attack · Affects security appliance (not a sensor but a control point) · Public disclosure (CISA ICS advisory)
Exploitability
Low exploit probability (EPSS 0.7%)
Affected products (1)
Product | Affected Versions | Fix Status
MXsecurity Series Software | Version v1.0 | v1.0.1 or higher
Remediation & Mitigation
Do now
HARDENING: Restrict network access to MXsecurity devices—do not expose to the Internet and place behind a firewall
HARDENING: Isolate the MXsecurity appliance from business networks on a separate security zone or DMZ
WORKAROUND: If remote access to MXsecurity is required, use a VPN with current security patches and verify all connected devices are patched
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade MXsecurity Series Software to version v1.0.1 or higher
Moxa MXsecurity Series | CVSS 9.8 - OTPulse