By Eduard Kovacs on May 25, 2016 Several serious vulnerabilities affecting Moxa’s MiiNePort embedded serial device servers have been disclosed by ICS-CERT and the researcher who discovered the issues.
MiiNePort are embedded serial-to-Ethernet device server modules mainly deployed in the United States and Europe in the commercial facilities, critical manufacturing, energy and transportation sectors.
Security researcher Karn Ganeshen discovered that MiiNePort E1, E2 and E3 models are plagued by at least three vulnerabilities.
One of the flaws, tracked as CVE-2016-2286 and assigned a CVSS score of 7.5, has been described as a weak credentials management issue. The Moxa product is not protected by a password in its default configuration, allowing a remote attacker to gain full administrative access over HTTP or Telnet. Full Article
Unpatched Flaws Plague Moxa Connectivity Products
Userlevel 7
+54
Be the first to reply!
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.