ioLogik E1200: CVE-2023-5961 & CVE-2023-5962 – Vulnerabilities Open Doors to Hackers
In the realm of industrial automation, the ioLogik E1200 Series has emerged as a beacon of versatility and convenience, bridging the communication gap between Information Technology (IT) and Operational Technology (OT) engineers. This ingenious device, fluent in six different protocols, has been the linchpin for effortless data retrieval across diverse applications. However, two security vulnerabilities were found in these devices.
CVE-2023-5961: The Web Application Flaw (CVSS 8.8)
In the firmware versions v3.3 and earlier of the ioLogik E1200 Series, a menacing vulnerability was lurking, codenamed CVE-2023-5961. This flaw, with a CVSS score of 8.8, posed a substantial threat. It allowed an attacker to deceive a client into sending unintended requests to the web server, which were perceived as legitimate. This vulnerability may lead an attacker to perform operations on behalf of the victimized user.
CVE-2023-5962: The Stealthy Data Breach (CVSS 6.5)
Another flaw was CVE-2023-5962, a vulnerability found in the same firmware versions. With a CVSS score of 6.5, this vulnerability was a silent assailant capable of compromising the confidentiality of sensitive data. It gave attackers the power to gain unexpected authorization.
The discovery of these vulnerabilities can be credited to the security researcher Reza Rashidi from HADESS, who unveiled these weaknesses in the ioLogik E1200 Series. Moxa, the creator of this versatile device, quickly rose to the challenge, developing solutions to fortify these vulnerabilities.
In response to these revelations, Moxa endorses users to adhere to the recommendations set forth by the Cybersecurity and Infrastructure Security Agency (CISA). These include reducing network exposure by ensuring that control system devices are not accessible from the Internet and isolating control system networks behind robust firewalls. Furthermore, when remote access becomes a necessity, the use of Virtual Private Networks (VPNs) is advised, with an emphasis on keeping these VPNs updated to shield against potential vulnerabilities.