OTPulse

Moxa: Moxa's Response Regarding SSLv2 Vulnerabilities (DROWN, CVE-2016-0800)

Priority: Act Now · Published: Mar 31, 2016
Summary

Moxa has confirmed that some of its products are affected by CVE-2016-0800, also known as DROWN, a vulnerability in servers that still accept SSLv2 connections. An attacker who can observe TLS sessions to such a server, or to any server that shares its RSA private key, can use the SSLv2 service as a padding oracle to decrypt those sessions and recover the sensitive data they carry, such as passwords and session keys. Moxa's Cyber Security Response Team is investigating the issue and will provide updates on affected products and remediation status.

What this means
What could happen
An attacker who can capture TLS traffic to a Moxa device that still accepts SSLv2, and who can open SSLv2 connections to that device, could decrypt the captured traffic and recover the credentials and session keys it carries. This could compromise remote access credentials, VPN sessions, and encrypted communications to PLCs or other control devices. The attack recovers the contents of individual sessions; it does not by itself reveal the device's RSA private key.
Who's at risk
Industrial facilities using Moxa network devices (serial device servers, industrial switches, cellular gateways, wireless access points) for remote management or data collection should review their inventory. In scope is any Moxa product that exposes an SSL/TLS service and still accepts SSLv2 connections, or that shares its RSA certificate and key with a host that does, including those used for remote VPN access, web-based device management, or encrypted tunnel communication between PLCs and control systems.
How it could be exploited
An attacker performs a DROWN (Decrypting RSA with Obsolete and Weakened eNcryption) attack in two stages. First, the attacker records TLS sessions to the device that used RSA key exchange. Second, the attacker opens many SSLv2 connections to the device (or to any other host that uses the same RSA key) and submits modified copies of the captured RSA-encrypted premaster secrets inside SSLv2 handshakes; the way SSLv2 handles export-grade cipher keys turns the server into a Bleichenbacher padding oracle that leaks the session key of a captured session. DROWN does not downgrade the victim's own TLS connections: SSLv2 only needs to be accepted by the server, it is never used by the victim. The basic attack is performed offline against recorded traffic; against servers whose SSLv2 implementation has additional bugs (older OpenSSL releases), the attack is fast enough for real-time decryption of live communications to or from the device.
Prerequisites
  • Network access to the affected Moxa device on port 443, or whichever port it uses for SSL/TLS, so that SSLv2 handshakes can be completed against it
  • SSLv2 must still be accepted by the device, or by another host that uses the same RSA certificate and key (Moxa devices may have SSLv2 enabled by default)
  • The targeted TLS sessions must use RSA key exchange, and the attacker must be able to capture them; passive capture is enough for offline decryption, while real-time attacks additionally require an active man-in-the-middle position
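The precondition that matters for DROWN is whether a device still completes an SSLv2 handshake at all. The probe below is an added example (not code from Moxa, OTPulse or the DROWN authors): it sends a raw SSLv2 ClientHello offering every SSLv2 cipher kind and classifies the reply as an SSLv2 ServerHello, a TLS alert, or a closed connection. The host address, the port and the constructed sample ServerHello used for offline testing are assumptions; the probe performs no decryption.

```python
"""SSLv2 exposure probe for the DROWN precondition.

Added example, not Moxa's or OTPulse's code. It checks whether a server still
speaks SSLv2, which is what DROWN needs; it does not attempt the attack.
The host/port defaults and sample_server_hello() are assumptions/constructed.
"""
import os
import socket
import struct

# SSLv2 CIPHER-KIND codes (3 bytes each) from the SSL 2.0 draft specification.
SSLV2_CIPHER_KINDS = {
    b"\x01\x00\x80": "SSL_CK_RC4_128_WITH_MD5",
    b"\x02\x00\x80": "SSL_CK_RC4_128_EXPORT40_WITH_MD5",
    b"\x03\x00\x80": "SSL_CK_RC2_128_CBC_WITH_MD5",
    b"\x04\x00\x80": "SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5",
    b"\x05\x00\x80": "SSL_CK_IDEA_128_CBC_WITH_MD5",
    b"\x06\x00\x40": "SSL_CK_DES_64_CBC_WITH_MD5",
    b"\x07\x00\xc0": "SSL_CK_DES_192_EDE3_CBC_WITH_MD5",
}
MSG_CLIENT_HELLO = 0x01
MSG_SERVER_HELLO = 0x04


def build_client_hello(challenge: bytes = b"") -> bytes:
    """Return an SSLv2 record carrying a ClientHello with no session id."""
    challenge = challenge or os.urandom(16)
    cipher_specs = b"".join(SSLV2_CIPHER_KINDS.keys())
    body = (
        bytes([MSG_CLIENT_HELLO])
        + b"\x00\x02"                                  # CLIENT-VERSION = SSL 2.0
        + struct.pack(">HHH", len(cipher_specs), 0, len(challenge))
        + cipher_specs
        + challenge
    )
    # Two-byte SSLv2 record header: high bit set, 15-bit body length, no padding.
    return struct.pack(">H", 0x8000 | len(body)) + body


def parse_reply(data: bytes) -> dict:
    """Classify the first record a server returned for our ClientHello."""
    if len(data) < 2:
        return {"sslv2": False, "ciphers": [], "reason": "connection closed or empty reply"}
    if not data[0] & 0x80:
        # No SSLv2 record header. A TLS-only stack typically answers with a
        # TLS alert record (content type 0x15) or simply closes the socket.
        reason = "TLS alert, SSLv2 rejected" if data[0] == 0x15 else "not an SSLv2 record"
        return {"sslv2": False, "ciphers": [], "reason": reason}
    rec_len = ((data[0] & 0x7F) << 8) | data[1]
    body = data[2:2 + rec_len]
    if len(body) < 11 or body[0] != MSG_SERVER_HELLO:
        return {"sslv2": False, "ciphers": [], "reason": "SSLv2 record but not a ServerHello"}
    # SERVER-HELLO layout: type(1) session-id-hit(1) cert-type(1) version(2)
    # cert-len(2) cipher-specs-len(2) connection-id-len(2) cert ciphers conn-id
    cert_len, cipher_len, _conn_id_len = struct.unpack(">HHH", body[5:11])
    specs = body[11 + cert_len:11 + cert_len + cipher_len]
    ciphers = [
        SSLV2_CIPHER_KINDS.get(specs[i:i + 3], specs[i:i + 3].hex())
        for i in range(0, len(specs) - len(specs) % 3, 3)
    ]
    return {"sslv2": True, "ciphers": ciphers, "reason": "SSLv2 ServerHello received"}


def probe(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Send the ClientHello to host:port and classify the reply (does network I/O)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello())
        try:
            data = sock.recv(4096)
        except (socket.timeout, ConnectionResetError):
            data = b""
    return parse_reply(data)


def sample_server_hello() -> bytes:
    """Constructed SSLv2 ServerHello (not a capture) for offline testing."""
    cert = b"\x30\x82\x00\x00"                      # placeholder, not a real certificate
    specs = b"\x01\x00\x80" + b"\x07\x00\xc0"       # RC4-128-MD5 and 3DES-MD5
    conn_id = b"\x00" * 16
    body = (
        bytes([MSG_SERVER_HELLO])
        + b"\x00"                                   # session-id-hit = no
        + b"\x01"                                   # certificate type = X.509
        + b"\x00\x02"                               # SERVER-VERSION = SSL 2.0
        + struct.pack(">HHH", len(cert), len(specs), len(conn_id))
        + cert + specs + conn_id
    )
    return struct.pack(">H", 0x8000 | len(body)) + body


if __name__ == "__main__":
    import sys
    # Usage: python3 sslv2_probe.py 192.0.2.10 443   (placeholder address)
    host = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    result = probe(host, port)
    print(f"{host}:{port} sslv2={result['sslv2']} {result['reason']} {result['ciphers']}")
```

Run it against each Moxa device's HTTPS or management port and against every other host that serves the same certificate; `sslv2=True` means the DROWN oracle is reachable. Re-run after disabling SSLv2 to confirm the change took effect, and note that a TLS alert or a closed connection is the healthy outcome.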
  • Remotely exploitable
  • High EPSS score (90.3%)
  • No patch available
  • Default configuration may allow exploitation
Exploitability
High exploit probability (EPSS 90.3%)
Affected products (1)

Product: Moxa's Response Regarding SSLv2 Vulnerabilities (DROWN, CVE-2016-0800) (the entry names the advisory rather than specific models; Moxa has not yet enumerated the affected products)
Affected versions: All versions
Fix status: No fix yet
Remediation & Mitigation

Do now
  • WORKAROUND: Disable SSLv2 on all affected Moxa devices if a configuration option exists. Disable it as well on every other host that uses the same RSA certificate and key, since an SSLv2 service anywhere that shares the key is enough for DROWN.
  • HARDENING: Implement a firewall rule or network access control so that only trusted engineering workstations and management systems can reach the device's SSL/TLS port (443 or the configured port); DROWN needs to open SSLv2 connections to the server, so blocking untrusted clients removes the oracle.

Schedule — requires maintenance window

Patching may require a device reboot; plan for process interruption.

  • HOTFIX: Monitor vendor advisories for firmware that removes SSLv2 or moves the service to TLS 1.2 or higher, and apply it when available.
  • HARDENING: Rotate passwords and encryption keys used with affected Moxa devices after SSLv2 is disabled, and treat credentials sent over TLS while SSLv2 was reachable as potentially exposed.

Long-term hardening
  • HARDENING: Segment Moxa devices into a separate OT network with restricted outbound access, so that attackers cannot capture encrypted sessions or reach the SSL/TLS service from outside the segment.