Login Sign Up

CVE-2018-18395

9.8 CRITICAL
Authentication Bypass

📋 TL;DR

CVE-2018-18395 is an authentication bypass vulnerability in Moxa ThingsPro IIoT Gateway and Device Management Software that allows attackers to access hidden tokens and gain unauthorized system access. This affects organizations using Moxa's industrial IoT gateway solutions for device management. Attackers can exploit this to compromise industrial control systems and connected devices.

💻 Affected Systems

Products:
  • Moxa ThingsPro IIoT Gateway
  • Moxa ThingsPro Device Management Software
Versions: Version 2.1
Operating Systems: Linux-based embedded systems
Default Config Vulnerable: ⚠️ Yes
Notes: Affects default installations of ThingsPro IIoT gateway software. Industrial environments with these gateways deployed are at risk.

📦 What is this software?

Thingspro by Moxa

View all CVEs affecting Thingspro →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of industrial control systems, unauthorized access to critical infrastructure, data exfiltration, and potential physical damage to industrial processes.

🟠

Likely Case

Unauthorized access to gateway management interfaces, configuration changes, data theft, and lateral movement within industrial networks.

🟢

If Mitigated

Limited impact with proper network segmentation, access controls, and monitoring in place, though authentication bypass remains possible.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability involves accessing hidden tokens without authentication, making exploitation straightforward once the attack vector is identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 2.2 or later

Vendor Advisory: https://www.moxa.com/en/support/product-support/security-advisory/moxa-thingspro-iiot-gateway-and-device-management-software-solutions-hidden-token-access-vulnerability

Restart Required: Yes

Instructions:

1. Download the latest version from Moxa's official website. 2. Backup current configuration. 3. Install the update following Moxa's upgrade guide. 4. Restart the gateway/software. 5. Verify the update was successful.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate Moxa gateways from untrusted networks and restrict access to management interfaces.

Access Control Lists

linux

Implement strict firewall rules to limit access to gateway management ports.

iptables -A INPUT -p tcp --dport [management_port] -s [trusted_ip] -j ACCEPT
iptables -A INPUT -p tcp --dport [management_port] -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate affected systems from production networks
  • Deploy intrusion detection systems to monitor for unauthorized access attempts

🔍 How to Verify

Check if Vulnerable:

Check the software version via the web interface or SSH: cat /etc/thingspro/version

Check Version:

cat /etc/thingspro/version

Verify Fix Applied:

Verify version is 2.2 or higher and test authentication requirements for all management endpoints

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to hidden endpoints
  • Authentication bypass logs
  • Unexpected token generation or usage

Network Indicators:

  • Unusual traffic to gateway management ports from unauthorized sources
  • HTTP requests to hidden API endpoints

SIEM Query:

source="moxa_gateway" AND (event_type="auth_failure" OR uri="/hidden/*")

📊 Metadata

CVE ID: CVE-2018-18395
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Published: October 19, 2018
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON