The Sentryo Security Labs carried out a security analysis on a client’s MOXA EDS-G512E industrial ethernet switch, interconnected to Sentryo’s ICS CyberVision solution. For two whole days, the Security Labs put the industrial ethernet switch through a series of tests (anti-intrusion evaluations and tests) in order to evaluate its degree of resistance in the event of a cyberattack.
The goal of this operation was twofold: improve the security level of an industrial ethernet switch by informing the manufacturer of its vulnerabilities and add the vulnerabilities found to Sentryo’s ICS CyberVision solution as quickly as possible.
The MOXA EDS-G512E switch
With the V5.1 16072215 firmware, the evaluation found various vulnerabilities in the MOXA EDS-G512E switch. Following the evaluation, Sentryo published 6 common vulnerabilities and exposures reports (CVE). Three of these require special attention:
- CVE-2017-13703 is linked to a vulnerability that could, if exploited, lead to a denial-of-service for the entire industrial switch and hence its communications.
- CVE-2017-13702 is linked to the management of session cookies which is not sufficiently secure. They are not protected against theft, manipulation and reuse.
- CVE-2017-13700 is linked to multiple XSS flaws found that expose the admin interface of the switch to the injection of malicious client-side code.
Patches for industrial switch vulnerabilities
As a result of these findings, we contacted MOXA equipment manufacturers to notify them and help them improve the security of their products. Recommendations as well as a patch are now available to correct these flaws.
We urge all industrial companies using the MOXA EDS-512E switch to quickly patch the vulnerabilities to prevent cyberattackers from exploiting these flaws.
To obtain the patch directly, contact MOXA support via their website.
You can subscribe to Moxa’s Security Advisory page at the following link: https://www.moxa.com/support/faq/faq.aspx
Last, you can also subscribe to Moxa’s RSS feed and receive up-to-date information from Security Advisory:
- Moxa RSS feed: https://www.moxa.com/news_events/RSS.aspx
- Security Advisory RSS feed: https://www.moxa.com/RSS/Security_advisory.xml
Consult the complete analysis of the MOXA EDS-512E industrial switch carried out by the Sentryo Security Labs: