A Positive Technologies expert has discovered a vulnerability in Moxa’s industrial wireless converters. Due to this bug, an attacker could gain full access to the equipment and interfere with the technological process.
The issue, identified as
These devices enable the connection of industrial controllers, meters, and sensors to a local Wi-Fi network. Wireless access is necessary for monitoring equipment located on moving objects (containers, elevators, robots) or in harsh environments (chemical and metallurgical production).
Vladimir Razov, a web application security analysis group specialist at Positive Technologies, reported that unauthorized attackers could execute arbitrary code to gain full access to the device if they were on the same network as the vulnerable Moxa NPort W2150a or W2250a converter.
“A single special request would be sufficient for this. By controlling the converters, an attacker could send commands to connected industrial controllers and other equipment, which could lead to a disruption or alteration of the technological process,” Razov explained.
The manufacturer was informed of the threat under the responsible disclosure policy, and Moxa has already releaseda software