Kaspersky Lab specialists found seven vulnerabilities in ThingsPro Suite – a IIoT-gateway and Moxa device manager. This product is intended for data acquisition from technological network devices using Modbus / RTU and Modbus / TCP protocols. Some of the identified vulnerabilities may allow attackers to gain privileged access to the gateway and execute arbitrary commands on it. According to experts, to detect and exploit these problems, attackers do not have to possess deep technical knowledge and skills.
According to experts from Kaspersky Lab ICS CERT, the exploitation of detected vulnerabilities allows a remote attacker (provided that the ThingsPro Suite administration panel is available) to completely seize control of the device and elevate privileges to maximum. And for this, he will not need to pre-steal authentication data. Moreover, the use of the identified gaps can be automated for mass attacks on ThingsPro devices connected to the technological networks of various organizations (including industrial).
“Moxa is a large manufacturer with a good reputation. However, despite the experience and high level of expertise of the company, its new product, designed for use in the infrastructures of the industrial Internet of things, had a number of annoying security problems. Unfortunately, we have to recognize this as part of the overall picture – for a number of reasons, the developers of systems for IoT and IIoT do not pay due attention, in our opinion, to protecting them against potential cyber threats. We appeal to all developers of such products to reconsider their assessment of the importance of this problem, ”said Alexander Nochvay, expert of ICS CERT at Kaspersky Lab on finding vulnerabilities.
The manufacturer was immediately informed about the problems found, and now all the discovered gaps have already been fixed.