Moxa has recently fixed two serious vulnerabilities in its MXsecurity product, which could have been exploited by malicious hackers targeting operational technology (OT) networks. MXsecurity is an industrial network security management software designed specifically for OT environments. Security researcher Simon Janz discovered that the product is affected by a critical vulnerability that can be exploited remotely to bypass authentication (CVE-2023-33235) and a high-severity flaw in the SSH command-line interface that can lead to remote command execution (CVE-2023-33236). Moxa addressed these security issues with the release of version 1.0.1.
The industrial networking, computing and automation solutions provider has published an advisory outlining the vulnerabilities. The US Cybersecurity and Infrastructure Security Agency (CISA) and the Zero Day Initiative (ZDI) have also released advisories for the two bugs. CISA noted that the impacted product is used globally in multiple sectors. A Chinese researcher appears to have discovered the same vulnerabilities and disclosed technical details last week.
The critical vulnerability is present in the configuration of the MXsecurity web-based interface and is linked to a hardcoded JWT secret. Janz explained that an attacker could leverage the hardcoded secret key to forge valid JWT tokens and gain access to the web panel with admin privileges. The researcher did not spend time trying to determine what an attacker could actually do with this access, but suggested that chaining it with other vulnerabilities, such as a server-side request forgery (SSRF) flaw, could lead to arbitrary code execution.
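To make the design point concrete, the following added example (not Moxa's code, and not the researcher's) contrasts the weak pattern the article describes, a single signing secret baked into shipped software, with the hardened pattern of a per-installation random secret and strict token verification. It implements HS256 JWTs with the Python standard library only; `HARDCODED_SECRET`, the claim values and the timestamp are constructed placeholders.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# Constructed placeholder standing in for a secret compiled into the product.
# With this pattern every deployment shares one key, so anyone who reads the
# binary can mint tokens that every deployment accepts.
HARDCODED_SECRET = b"example-shared-secret-placeholder"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_jwt(payload: dict, secret: bytes) -> str:
    """Produce an HS256 JWT (header.payload.signature) under `secret`."""
    header = {"alg": "HS256", "typ": "JWT"}
    compact = {"separators": (",", ":")}
    signing_input = (
        f"{_b64url(json.dumps(header, **compact).encode())}."
        f"{_b64url(json.dumps(payload, **compact).encode())}"
    )
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def verify_jwt(token: str, secret: bytes, now: Optional[float] = None) -> Optional[dict]:
    """Return the payload if `token` is valid under `secret`, otherwise None."""
    try:
        h, p, s = token.split(".")
        header = json.loads(_b64url_decode(h))
        # Pin the algorithm server-side; never let the token choose it.
        if header.get("alg") != "HS256":
            return None
        expected = hmac.new(secret, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s)):
            return None
        payload = json.loads(_b64url_decode(p))
        exp = payload.get("exp")
        current = time.time() if now is None else now
        if not isinstance(exp, (int, float)) or current >= exp:
            return None
        return payload
    except (ValueError, UnicodeDecodeError):
        return None


def new_install_secret() -> bytes:
    """Hardened pattern: a fresh 256-bit secret generated at install or first boot,
    stored in a protected file with restrictive permissions, never in the code."""
    return secrets.token_bytes(32)


def demo() -> dict:
    """Show why the shared key is the flaw and what the hardened setup rejects."""
    now = 1_700_000_000  # constructed fixed clock so results are deterministic
    admin_claims = {"sub": "admin", "role": "admin", "exp": now + 3600}
    install_a, install_b = new_install_secret(), new_install_secret()

    shared_token = sign_jwt(admin_claims, HARDCODED_SECRET)
    token_a = sign_jwt(admin_claims, install_a)

    # Tampered payload reusing the original signature, and an 'alg: none' token.
    h, _, s = token_a.split(".")
    tampered = f"{h}.{_b64url(json.dumps({'sub': 'x', 'role': 'admin', 'exp': now + 3600}).encode())}.{s}"
    none_alg = f"{_b64url(json.dumps({'alg': 'none'}).encode())}.{token_a.split('.')[1]}."

    return {
        "shared_secret_accepted_everywhere": verify_jwt(shared_token, HARDCODED_SECRET, now) is not None,
        "install_a_accepts_own": verify_jwt(token_a, install_a, now) is not None,
        "install_b_rejects_foreign": verify_jwt(token_a, install_b, now) is None,
        "expired_rejected": verify_jwt(sign_jwt({**admin_claims, "exp": now - 1}, install_a), install_a, now) is None,
        "tampered_rejected": verify_jwt(tampered, install_a, now) is None,
        "alg_none_rejected": verify_jwt(none_alg, install_a, now) is None,
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

The first result is the property the article's critical flaw turns on: a token minted with the baked-in secret verifies on any deployment that ships it. The remaining checks are what a reviewer should expect from the hardened version: a secret generated per installation, a pinned algorithm, an expiry claim that is actually enforced, and a constant-time signature comparison.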
In the case of the high-severity vulnerability, the researcher pointed out that an attacker would need to know or guess SSH admin credentials for exploitation. Once authenticated, the attacker can execute arbitrary commands and gain a foothold in the targeted network.