Positive Technologies specialists found a vulnerability in Moxa devices

A Positive Technologies expert has discovered a vulnerability in Moxa’s industrial wireless converters. Due to this bug, an attacker could gain full access to the equipment and interfere with the technological process.

The issue, identified as CVE-2024-1220 (BDU:2024-01811), received a CVSS score of 8.2. The vulnerability was found in the NPort W2150a and W2250a converters.

These devices enable the connection of industrial controllers, meters, and sensors to a local Wi-Fi network. Wireless access is necessary for monitoring equipment located on moving objects (containers, elevators, robots) or in harsh environments (chemical and metallurgical production).

Vladimir Razov, a web application security analysis group specialist at Positive Technologies, reported that unauthorized attackers could execute arbitrary code to gain full access to the device if they were on the same network as the vulnerable Moxa NPort W2150a or W2250a converter.

“A single special request would be sufficient for this. By controlling the converters, an attacker could send commands to connected industrial controllers and other equipment, which could lead to a disruption or alteration of the technological process,” Razov explained.

The manufacturer was informed of the threat under the responsible disclosure policy, and Moxa has already releaseda software update for its devices.

0 / 5

Your page rank:

Subscribe: YouTube page opens in new windowLinkedin page opens in new windowTelegram page opens in new window

Leave a Reply

Your email address will not be published. Required fields are marked *

Post comment