SUMMARY

EDS-405A Series, EDS-408A Series, EDS-510A Series, and IKS-G6824A Series Ethernet Switches Vulnerabilities

  • Version: 1.1
  • Release Date: Feb 01, 2019
  • Reference:
    • CVE-2019-6518, CVE-2019-6563, CVE-2019-6526, CVE-2019-6524, CVE-2019-6559, CVE-2019-6557, CVE-2019-6522, CVE-2019-6565, CVE-2019-6520, CVE-2019-6561

Multiple product vulnerabilities were identified in Moxa’s EDS-405A Series, EDS-408A Series, EDS-510A Series, and IKS-G6824A Series Ethernet Switches. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

EDS-405A Series, EDS-408A Series, and EDS-510A Series

Item 1: Plain text storage of a password (CVE-2019-6518)
Impact: Moxa EDS industrial switches store passwords in plain text, and the read-raw-configuration function of a proprietary management protocol exposes them.

Item 2: Predictable session ID (CVE-2019-6563)
Impact: The session cookie issued by the web server of Moxa EDS industrial switches is not generated with proper encryption. An attacker who obtains the cookie can therefore reuse it and recover the administrator's password from it.
Note: EDS-510A users do not need to upgrade to the patched firmware; see the Solutions section for the mitigation.

Item 3: Missing encryption of sensitive data (CVE-2019-6526)
Impact: The proprietary management protocols used by Moxa EDS industrial switches may be exploited to reveal an administrative password.

Item 4: Improper restriction of excessive authentication attempts (CVE-2019-6524)
Impact: Moxa EDS industrial switches do not implement sufficient measures to limit repeated failed authentication attempts, which leaves the switches susceptible to brute-force attacks.

Item 5: Resource exhaustion (CVE-2019-6559)
Impact: The proprietary protocols used by Moxa EDS industrial switches allow an authenticated user with remote access to cause a denial of service via a specially crafted packet.
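Item 2 describes a session cookie that is a weakly protected function of the credentials rather than a fresh random value. The following Python is an added example (it is not Moxa's code and does not talk to a switch) showing the three cheap checks a tester would run over session tokens captured from successive logins: does the same account get the same token every time, do the tokens step by a constant, and is the per-character entropy far below what the token length suggests. The sample token sets are constructed for illustration and are not values observed on these products.

```python
import math
from collections import Counter, defaultdict

# Constructed sample data (not real values from any Moxa device): session
# tokens observed across three successive logins to the same account.
REPEATING_TOKENS = [
    ("admin", "5f4dcc3b5aa765d9"),
    ("admin", "5f4dcc3b5aa765d9"),
    ("admin", "5f4dcc3b5aa765d9"),
]
SEQUENTIAL_TOKENS = [
    ("admin", "000000a1"),
    ("admin", "000000a2"),
    ("admin", "000000a3"),
]
RANDOM_TOKENS = [
    ("admin", "9c2f7e41b06d38a5e7f1c09b24d6a83e"),
    ("admin", "3a81d5c0f6e29b47a0c5d8e1f3b7629c"),
    ("admin", "e4b07c1d92f5a386c1d0b9e7f2a54d13"),
]


def shannon_entropy_bits(tokens):
    """Empirical Shannon entropy in bits per character, pooled over all
    characters of all tokens. A random hex token approaches 4.0."""
    pooled = "".join(tokens)
    n = len(pooled)
    counts = Counter(pooled)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def assess_session_tokens(samples, min_bits_per_char=3.0):
    """Return a list of human-readable findings for (username, token) pairs
    captured from successive logins. An empty list means none of the three
    cheap predictability checks fired; it is not proof of randomness."""
    findings = []

    # Check 1: the same account gets the same token on every login. The token
    # is then a deterministic function of the credentials rather than a fresh
    # random session ID, so one capture can be replayed indefinitely and, if
    # the derivation is weak, inverted to recover the password.
    by_user = defaultdict(list)
    for user, token in samples:
        by_user[user].append(token)
    for user, tokens in by_user.items():
        if len(tokens) > 1 and len(set(tokens)) < len(tokens):
            findings.append(f"token repeats across logins for {user!r}")

    # Check 2: tokens that parse as hex and step by a constant are a counter.
    # Given one valid token, its neighbours are trivially guessable.
    try:
        as_int = [int(token, 16) for _, token in samples]
    except ValueError:
        as_int = []
    if len(as_int) >= 3:
        deltas = {b - a for a, b in zip(as_int, as_int[1:])}
        if len(deltas) == 1 and deltas != {0}:
            findings.append(f"tokens increment by a constant {deltas.pop()}")

    # Check 3: low per-character entropy means a small effective alphabet or
    # heavy repetition, so the search space is far smaller than the token
    # length suggests.
    entropy = shannon_entropy_bits([token for _, token in samples])
    if entropy < min_bits_per_char:
        findings.append(f"low character entropy: {entropy:.2f} bits/char")

    return findings


if __name__ == "__main__":
    for name, samples in [("repeating", REPEATING_TOKENS),
                          ("sequential", SEQUENTIAL_TOKENS),
                          ("random", RANDOM_TOKENS)]:
        print(name, assess_session_tokens(samples) or ["no finding"])
```

Three logins are the minimum for the counter check; in practice collect twenty or more, from at least two accounts, so that a token derived from the account name rather than the password also shows up as repeating.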


IKS-G6824A Series

Item 1: Buffer overflow in account setting parameters (CVE-2019-6557)
Impact: Improper calculation of the length of the cookie value leads to a stack-based buffer overflow, which gives an attacker the ability to reboot the device or execute code on it.

Item 2: Buffer overflow in multiple parameters (CVE-2019-6557)
Impact: Several buffer overflows can be triggered by copying the unchecked contents of specific parameters, which may allow remote code execution or cause a device reboot.

Item 3: Read device memory (CVE-2019-6522)
Impact: Failure to properly check array bounds gives attackers the ability to read device memory at arbitrary addresses.

Item 4: Failure to handle corrupted OSPF packets (CVE-2019-6559)
Impact: Sending malformed OSPF Hello packets to a vulnerable device causes it to reboot after 2 or 3 minutes.

Item 5: Multiple XSS (CVE-2019-6565)
Impact: Failure to properly validate user input gives both unauthenticated and authenticated attackers the ability to perform XSS attacks against users of the web interface.

Item 6: Improper web interface access control (CVE-2019-6520)
Impact: The switch has a management web interface, but authorization is not properly checked on the server side, so read-only users are able to alter the configuration.

Item 7: Cross-Site Request Forgery (CVE-2019-6561)
Impact: Cross-Site Request Forgery (CSRF) occurs when an attacker causes a browser that a user has already authenticated to the web application to send requests to it without the user's intent.

AFFECTED PRODUCTS AND SOLUTIONS

Affected Products:

The affected products and firmware versions are shown below.

Product Series: Affected Versions
EDS-405A Series: Firmware Version 3.8 or lower
EDS-408A Series: Firmware Version 3.8 or lower
EDS-510A Series: Firmware Version 3.8 or lower
IKS-G6824A Series: Firmware Version 4.5 or lower


Solutions:

Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.

EDS-405A, EDS-408A, and EDS-510A Series:

  • For all vulnerabilities, customers can request patched firmware. Please contact Moxa Technical Support for assistance.
  • For vulnerabilities 1, 3, 4, and 5, the patched firmware adds an encrypted variant of the Moxa Service with an enable/disable control in the GUI. After upgrading, disable "Moxa Service" and enable "Moxa Service (Encrypted)" to eliminate this risk.
  • For vulnerability 2, after installing the patch, set the web configuration to "https only".

IKS-G6824A Series:

  • For all vulnerabilities, customers can request patched firmware. Please contact Moxa Technical Support for assistance.
  • For vulnerability 7, after installing the patch, use one of the recommended browsers below to prevent forgery attacks.
    Recommended browsers: Firefox v60 or later, or Opera v39 or later.
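For EDS vulnerability 4 (CVE-2019-6524) the advisory says only that the switches lacked "sufficient measures" against repeated failed logins; it does not describe what the patched firmware does. The Python below is an added example, not Moxa's firmware code, of the server-side limiter that such a fix needs: failures are counted per account and per source address in a sliding window, crossing the threshold on either key locks that key, and each successive lockout doubles the delay. The account name, source address, thresholds and the deterministic clock are all constructed for the simulation.

```python
import time
from collections import defaultdict, deque


class AuthThrottle:
    """Server-side limiter for login attempts (illustrative, not a vendor API).

    Failures are counted per account and per source address inside a sliding
    window. Crossing the threshold on either key locks that key out, and each
    successive lockout doubles the delay (capped), so an attacker gains nothing
    by waiting out a fixed penalty. Counting per account as well as per source
    also stops a distributed guess against a single administrator login.
    """

    def __init__(self, max_failures=5, window_s=300, base_lockout_s=60,
                 max_lockout_s=3600, clock=time.monotonic):
        self.max_failures = max_failures
        self.window_s = window_s
        self.base_lockout_s = base_lockout_s
        self.max_lockout_s = max_lockout_s
        self.clock = clock
        self._failures = defaultdict(deque)   # key -> timestamps of recent failures
        self._locked_until = {}               # key -> time at which the lock expires
        self._lockouts = defaultdict(int)     # key -> number of lockouts so far

    @staticmethod
    def _keys(user, src):
        return (("user", user), ("src", src))

    def retry_after(self, user, src):
        """Seconds until this (account, source) pair may try again; 0 when not locked."""
        now = self.clock()
        waits = [self._locked_until.get(k, now) - now for k in self._keys(user, src)]
        return max(waits + [0.0])

    def allowed(self, user, src):
        return self.retry_after(user, src) <= 0

    def record_failure(self, user, src):
        now = self.clock()
        for key in self._keys(user, src):
            q = self._failures[key]
            while q and now - q[0] > self.window_s:   # drop failures outside the window
                q.popleft()
            q.append(now)
            if len(q) >= self.max_failures:
                self._lockouts[key] += 1
                delay = min(self.base_lockout_s * 2 ** (self._lockouts[key] - 1),
                            self.max_lockout_s)
                self._locked_until[key] = now + delay
                q.clear()

    def record_success(self, user, src):
        # A genuine login clears the failure window but keeps the lockout count,
        # so backoff keeps escalating for a source that continues to fail later.
        for key in self._keys(user, src):
            self._failures.pop(key, None)


class FakeClock:
    """Deterministic clock for the simulation below (constructed, not wall time)."""

    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


def simulate_brute_force(attempts, gap_s=1.0, **throttle_kwargs):
    """Run `attempts` wrong guesses against one account from one address,
    `gap_s` seconds apart, and return how many reached password checking."""
    clock = FakeClock()
    throttle = AuthThrottle(clock=clock, **throttle_kwargs)
    evaluated = 0
    for _ in range(attempts):
        if throttle.allowed("admin", "10.0.0.5"):
            evaluated += 1          # only here would the firmware compare the password
            throttle.record_failure("admin", "10.0.0.5")
        clock.advance(gap_s)
    return evaluated


if __name__ == "__main__":
    print("guesses evaluated out of 1000:", simulate_brute_force(1000))
```

With the defaults, 1000 guesses one second apart yield only 25 password comparisons, because the lockouts grow 60, 120, 240, 480 and 960 seconds. On an industrial switch the per-source key should be the management-VLAN address and the per-account lockout must never block the console port, or an attacker can turn the limiter into a denial of service against the administrator.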


Acknowledgment

We would like to thank Ivan B, Vyacheslav Moskvin and Sergey Fedonin from Positive Technologies as well as Ilya Karpov, Evgeny Druzhinin and Georgy Zaytsev for reporting the vulnerabilities, working with us to help enhance the security of our products, and helping us provide a better service to our customers.


Revision History:

VERSION: DESCRIPTION: RELEASE DATE
1.0: First Release: Feb 01, 2019
1.1: (1) Added CVE-ID for each vulnerability; (2) fine-tuned the description of vulnerabilities 1, 2, and 3 on the EDS-405A, EDS-408A, and EDS-510A Series; (3) fine-tuned the solution descriptions: Jul 16, 2019
