Moxa NPort device flaw could expose critical infrastructure to devastating attack
2022-07-31 02:46:00 【Network Research Institute】
Two potentially critical vulnerabilities that could allow threat actors to wreak havoc have been discovered in widely used industrial connected devices manufactured by Moxa.
The Taiwan-based provider of industrial networking and automation solutions has addressed these deficiencies.
The two security vulnerabilities, tracked as CVE-2022-2043 and CVE-2022-2044 and rated "High Severity", affect Moxa's NPort 5110 device server, which is designed to connect serial devices to the Ethernet network. A remote attacker could exploit these vulnerabilities to put a target device into a denial-of-service (DoS) state.
Moxa and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have issued advisories for these vulnerabilities. Moxa said only firmware version 2.10 was affected, and instructed customers to contact their technical support for assistance. CISA asked affected organizations to contact Moxa for security patches.
Moxa and CISA both praised Jens Nielsen, a researcher at Danish industrial cybersecurity firm En Garde Security, for reporting the vulnerabilities.
In a blog post published this week, En Garde Security owner Mikael Vingaard said his company's research department discovered the vulnerabilities in the first half of March 2022, when a proof-of-concept (PoC) script and a video showing the exploit were made available to the vendor.
Vingaard told us that while Moxa NPort devices should not be exposed to the Internet, many devices are actually accessible over the network. A Shodan search revealed over 5,000 devices, and while there may be some honeypots, they can't all be honeypots.
He said that exploiting the two flaws only requires a network connection to the target device. Exploits can be executed "in seconds" and can be automated over the internet.
Affected NPort devices are used worldwide, including in critical infrastructure sectors such as energy, critical manufacturing and transportation systems. There were reports that these types of equipment were targeted for sabotage in an attack on Ukraine's power grid in 2015, causing severe power outages.
Exploiting the vulnerabilities discovered by En Garde researchers could disrupt critical services in these sectors. Vingaard described vulnerable Moxa devices as "a small fraction of our society's vital infrastructure services."
He explained that the first DoS vulnerability could allow an attacker to make a target device stop responding to legitimate commands.
“The only way to regain control of the equipment is to have staff power off/on the equipment, which requires someone to be physically present,” he said. “This can often cause problems in remote areas where it can take a significant amount of time to get people on site, and not ideal in situations where time to regain control may be important."
The second vulnerability is an out-of-bounds issue where an attacker can access and/or overwrite elements on the device, resulting in data corruption. This renders the system inoperable and in some cases may cause permanent damage to the device.