The vulnerability was found in the NPort W2150a and W2250a converters. These devices allow industrial controllers, meters, and sensors to connect to a local Wi-Fi network. Wireless access is necessary to control equipment located, for example, on moving objects (containers, elevators, robots) or in aggressive environments (chemical and metallurgical plants). The vendor was notified of the threat in line with the responsible disclosure policy and released a software patch.

"When in the same network as the vulnerable Moxa NPort W2150a or W2250a converter, an attacker could execute arbitrary code on the device without authorization and gain full access to it. All it would take is a single special request. By controlling the converters, an attacker could send commands to connected industrial controllers and other equipment, leading to disruption or alteration in the technological process,” said Vladimir Razov, a specialist in the web application security analysis group at Positive Technologies. 

Vulnerability CVE-2024-1220 was rated 8.2 on the CVSS v3.1 scale, indicating a high level of risk.

The flaw was detected in the devices' internal firmware version 2.3. Installing the latest firmware version will fix the vulnerability.

To detect attempts to exploit vulnerabilities in industrial control systems, Positive Technologies offers PT Industrial Security Incident Manager, a system for deep analysis of technological traffic. PT ISIM recognizes communication protocols of Moxa converters, analyzes commands, and informs the security service of suspicious and dangerous events.

Positive Technologies and Moxa have been working in collaboration for several years. In 2019, thanks to Positive Technologies' expertise, over a dozen dangerous vulnerabilities in Moxa industrial Ethernet switches were eliminated; these vulnerabilities could have disrupted the network interaction of ICS components and negatively impacted the technological process.

Positive Technologies is an industry leader in result-driven cybersecurity and a major global provider of information security solutions. Our mission is to safeguard businesses and entire industries against cyberattacks and non-tolerable damage. Over 3,300 organizations worldwide use technologies and services developed by our company. Positive Technologies is the first and only cybersecurity company in Russia to have gone public on the Moscow Exchange (MOEX: POSI), with 170,000 shareholders and counting. Follow us in the News section at ptsecurity.com.

Media Contact
Ziad Baig
ziad@activedmc.com