The vulnerabilities affect Moxa devices and a number of obsolete software components.
Nearly 60 vulnerabilities have been identified in rail transport equipment made by the Taiwanese company Moxa, including an issue that allows an attacker to take control of a vulnerable device.
The vulnerabilities discovered by SEC Consult affect Moxa devices and a number of legacy software components, including the GNU C Library (glibc), the DHCP client in BusyBox, the Dropbear SSH software, the Linux kernel and OpenSSL.
The Moxa devices themselves contain two issues: a command injection vulnerability (CVE-2021-39279), which allows an authenticated attacker to compromise the device's operating system, and an XSS vulnerability (CVE-2021-39278), which can be exploited by sending a malicious configuration file.
The problems affect the TAP-323, WAC-1001 and WAC-2004 series of universal access points and wireless access controllers. The manufacturer has already released fixes for the TAP-323 and WAC-1001 series, but no updates are provided for the WAC-2004 series because it has reached end of support.
Although the experts have not investigated whether CVE-2021-39279 and CVE-2021-39278 can be used together, they believe it is possible. To chain the vulnerabilities, an attacker would need to perform an XSS attack, obtain the credentials required for authorization, and then exploit the command injection vulnerability.
Regarding the risk to rail transport and railroad operations, the researchers noted that the degree of damage an attacker could cause is difficult to assess. It depends on the "criticality of the messages transmitted through the device," the experts say.