Login Sign Up

CVE-2018-18393

9.8 CRITICAL

📋 TL;DR

CVE-2018-18393 is a critical password management vulnerability in Moxa ThingsPro IIoT Gateway and Device Management Software that allows attackers to bypass authentication and gain administrative access. This affects industrial control systems using Moxa's ThingsPro version 2.1 software. Attackers can exploit this to take complete control of IIoT gateways and management systems.

💻 Affected Systems

Products:
  • Moxa ThingsPro IIoT Gateway
  • Moxa ThingsPro Device Management Software
Versions: Version 2.1
Operating Systems: Linux-based embedded systems
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the default installation of ThingsPro 2.1. The vulnerability is in the password management mechanism.

📦 What is this software?

Thingspro by Moxa

View all CVEs affecting Thingspro →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of IIoT infrastructure, allowing attackers to manipulate industrial processes, steal sensitive operational data, or disrupt critical industrial operations.

🟠

Likely Case

Unauthorized administrative access to IIoT gateways leading to data exfiltration, configuration changes, or lateral movement within industrial networks.

🟢

If Mitigated

Limited impact if systems are air-gapped, have strict network segmentation, and use additional authentication layers.

🌐 Internet-Facing: HIGH - Internet-facing IIoT gateways are directly exploitable without authentication.
🏢 Internal Only: HIGH - Even internally, attackers with network access can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability allows authentication bypass, making exploitation straightforward once the weakness is understood.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 2.2 or later

Vendor Advisory: https://www.moxa.com/en/support/product-support/security-advisory/moxa-thingspro-iiot-gateway-and-device-management-software-solutions-password-management-issue

Restart Required: Yes

Instructions:

1. Download ThingsPro version 2.2 or later from Moxa's official website. 2. Backup current configuration. 3. Apply the update following Moxa's upgrade guide. 4. Restart the system. 5. Verify the update was successful.

🔧 Temporary Workarounds

Network Isolation

all

Isolate affected systems from untrusted networks and implement strict firewall rules.

Access Control Lists

all

Implement strict network ACLs to limit access to ThingsPro management interfaces.

🧯 If You Can't Patch

  • Implement network segmentation to isolate affected systems from critical infrastructure
  • Deploy additional authentication mechanisms and monitor for unauthorized access attempts

🔍 How to Verify

Check if Vulnerable:

Check the ThingsPro software version via the web interface or SSH. If version is 2.1, the system is vulnerable.

Check Version:

ssh admin@<ip> 'cat /etc/thingspro/version' or check via web interface at https://<ip>:8443

Verify Fix Applied:

Verify the software version is 2.2 or later and test authentication mechanisms.

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts followed by successful access
  • Unusual administrative activity from unexpected IP addresses
  • Configuration changes without proper authorization

Network Indicators:

  • Unauthorized access to ThingsPro management ports (8443/TCP)
  • Traffic patterns indicating authentication bypass

SIEM Query:

source="thingspro" AND (event_type="auth" AND result="success" AND user="admin" AND src_ip NOT IN [allowed_ips])

📊 Metadata

CVE ID: CVE-2018-18393
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Published: October 19, 2018
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON