Connect with us

Vulnerabilities in Moxa devices pose a risk to rail transport



The vulnerabilities affect Moxa devices and a number of obsolete software components.

Nearly 60 vulnerabilities have been identified in equipment for use in rail transport by the Taiwanese company Moxa, including an issue allowing control over a vulnerable device.

The vulnerabilities discovered by SEC Consult affect Moxa devices and a number of legacy software components, including the GNU C Library (glibc), DHCP client in BusyBox, Dropbear SSH software, Linux kernel and OpenSSL.

Moxa devices contain two issues: a command injection vulnerability (CVE-2021-39279), which allows an authorized hacker to compromise the device’s operating system, and an XSS vulnerability (CVE-2021-39278), which can be exploited by sending a malicious configuration file.

Problems affect the TAP-323, WAC-1001 and WAC-2004 series of universal access points and wireless access controllers. The manufacturer has already released fixes for the TAP-323 and WAC-1001 series, but updates for the WAC-2004 series devices are not provided due to the end of support.

Although the experts have not investigated the possibility of using CVE-2021-39279 and CVE-2021-39278 together, they believe it is possible. To exploit the vulnerabilities, an attacker would need to perform an XSS attack, obtain the credentials required for authorization, and then exploit the command injection vulnerability.

Regarding the risk to rail transport and railroad operations, the researchers noted that the degree of damage that a hacker can cause by his actions is difficult to assess. It depends on the “criticality of the messages transmitted through the device,” experts say.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *


Latest News