According to a new report from Applied Risk, prepared by security researcher Alexandru Ariciu, “multiple vulnerabilities were found in MOXA E1242 Ethernet remote I/O series used in factory automation.” Some of the vulnerabilities allow code injection in the web application; others concern weak password policies and implementation. Fortunately, there are no known public exploits that target these vulnerabilities, the researcher says.
How Severe Are the Vulnerabilities?
One of the issues lies in the devices’ web application, which fails to sanitize user input. This can lead to JavaScript injection in the webpage. Ultimately, the exploit could enable an attacker to execute arbitrary code in the user’s browser upon visiting the webpage.
An attacker can exploit this by visiting the affected web pages and modifying the parameters that were found to be vulnerable to this attack. The changes to these parameters are permanent, so any user visiting the infected web page after the attacker will be at risk.
Another problem concerns passwords, which are sent via the HTTP GET method. The MD5 hash of the password employed for authentication on the device is sent as a parameter in each GET request to the server, which is considered bad practice. Why? An attacker can deploy a MiTM attack and bypass the authentication mechanism.
The password that is used to authenticate users to the system is truncated to 8 characters. A user trying to use a longer password will have their password cut down to the first 8 characters. Also, the MD5 hash challenge that is created for authentication and is later used in all GET requests will be created using these first 8 characters.
The researcher adds that this behavior is regarded as insecure, as it does not provide sufficient protection for the passwords used by the user and also forces the user to use simple passwords that can be easily bypassed.
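The two password weaknesses described above can be checked from the defender's side. The following is an added example, not code from the Applied Risk report or from MOXA's firmware: it models the effect of 8-character truncation on an MD5 hash and scans proxy log lines for GET requests that carry an MD5-shaped value in the query string. The exact hash construction used by the device is not given in the report, so `device_style_hash` is an assumption, and the log paths and parameter names are constructed.

```python
import hashlib
import math
import re
from urllib.parse import urlsplit, parse_qsl

TRUNCATE_AT = 8  # per the report: only the first 8 characters are used

def device_style_hash(password: str) -> str:
    """MD5 over the truncated password. Assumption: the firmware's real
    challenge construction is not public here; this models truncation only."""
    return hashlib.md5(password[:TRUNCATE_AT].encode()).hexdigest()

def effective_bits(length: int, alphabet: int = 94) -> float:
    """Upper bound on password entropy after truncation (printable ASCII)."""
    return min(length, TRUNCATE_AT) * math.log2(alphabet)

MD5_HEX = re.compile(r"^[0-9a-fA-F]{32}$")
REQUEST = re.compile(r'"GET (\S+) HTTP/[\d.]+"')

def hash_in_get(log_lines):
    """Return (path, parameter) for each GET whose query string carries an
    MD5-shaped value, i.e. a credential equivalent exposed in the URL."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if MD5_HEX.match(value):
                hits.append((url.path, name))
    return hits

# Constructed sample proxy log lines; paths and parameter names are hypothetical.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2016:10:00:00 +0000] "GET /status.htm?token='
    + device_style_hash("Winter2016!long") + ' HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Jan/2016:10:00:02 +0000] "GET /index.htm HTTP/1.1" 200 1024',
    '10.0.0.7 - - [01/Jan/2016:10:00:05 +0000] "POST /login HTTP/1.1" 200 64',
]

if __name__ == "__main__":
    # Two different long passwords collapse to the same hash after truncation.
    print(device_style_hash("Winter2016!long") == device_style_hash("Winter20-anything"))
    print(round(effective_bits(20), 1), "bits at most, regardless of typed length")
    print(hash_in_get(SAMPLE_LOG))
```

Any hit from `hash_in_get` means the value also lands in browser history, proxy logs and server logs, which is why credentials and their hashes do not belong in GET parameters.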
Fortunately, MOXA addressed the reported vulnerabilities by releasing a firmware update for the affected devices, available here.
Automation Industries Flaws Are Mostly Proof-of-Concept
In a conversation with SCMagazine, Mark James from ESET shared that a prevalent number of the flaws in the automation industry are proof of concept.
Automation often involves heavy equipment doing precision work and if it fails it could cause thousands of pounds of damage. If that equipment were to go wrong around or close to humans then there is always the potential of injury or even death.