Vulnerabilities found in Moxa device, can allow attackers to cause disruption

On Thursday, two crucial flaws were discovered in the industrial connectivity device made by Moxa that can let hackers cause significant disruption.

The Taiwan-based industrial networking and automation solutions provider has addressed the flaws.

The two security holes tracked as CVE-2022-2043 and CVE-2022-2044 and rated high severity, impacts Moxa’s NPort 5110 device servers, which are planned for connecting serial devices to Ethernet networks. The flaws can be exploited by a hacker to cause the targeted device to enter a denial of service (DoS) condition.

Moxa and the US Cybersecurity and Infrastructure Security Agency (CISA) release advisories for the vulnerabilities. Moxa claims that only firmware version 2.10 is impacted and instructed customers to contact the tech support department for help.

CISA told impacted organizations to contact Moxa for a security patch. Moxa and CISA have credited, a researcher at Denmark-based industrial cybersecurity company En Garde Security, Jens Nielsen for reporting the vulnerabilities.

En Garde Security owner Mikael Vingaard says that his company’s research department found the vulnerabilities in the first half of March 2022, when the vendor was provided with proof-of-concept (PoC) scripts and videos that show exploitation.

While Moxa NPort devices should not be exposed to the internet, in reality, many are accessible from the web, Vingaard told SecurityWeek. A Shodan search shows that more than 5,000 devices and while there may be some honeypots, Vingaard believes that they all cannot be honeypots.