The vulnerability was found in the NPort W2150a and W2250a converters. These devices allow industrial controllers, meters, and sensors to connect to a local Wi-Fi network. Wireless access is necessary to control equipment located, for example, on moving objects (containers, elevators, robots) or in aggressive environments (chemical and metallurgical plants). The vendor was notified of the threat in line with the responsible disclosure policy and released a software patch.
“When in the same network as the vulnerable Moxa NPort W2150a or W2250a converter, an attacker could execute arbitrary code on the device without authorisation and gain full access to it. All it would take is a single special request. By controlling the converters, an attacker could send commands to connected industrial controllers and other equipment, leading to disruption or alteration in the technological process,” said Vladimir Razov, a specialist in the web application security analysis group at Positive Technologies.
Vulnerability CVE-2024-1220 was rated 8.2 on the CVSS v3.1 scale, indicating a high level of risk.
The flaw was detected in the devices’ internal firmware version 2.3. Installing the latest firmware version will fix the vulnerability.
To detect attempts to exploit vulnerabilities in industrial control systems, Positive Technologies offers PT Industrial Security Incident Manager, a system for deep analysis of technological traffic. PT ISIM recognises communication protocols of Moxa converters, analyses commands, and informs the security service of suspicious and dangerous events.
Positive Technologies and Moxa have been working in collaboration for several years. In 2019, thanks to Positive Technologies’ expertise, over a dozen dangerous vulnerabilities in Moxa industrial Ethernet switches were eliminated; these vulnerabilities could have disrupted the network interaction of ICS components and negatively impacted the technological process.
Discussion about this post