CVE-2019-18242

7.5 HIGH

📋 TL;DR

This vulnerability in Moxa ioLogik 2500 series devices allows a denial-of-service attack: the web server crashes when it receives frequent, repeated requests. It affects industrial control systems that use these devices with vulnerable firmware versions or vulnerable versions of the IOxpress configuration utility.

💻 Affected Systems

Products:
  • Moxa ioLogik 2500 series
  • IOxpress configuration utility
Versions: ioLogik 2500 firmware Version 3.0 or lower, IOxpress Version 2.3.0 or lower
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running affected firmware versions are vulnerable by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete denial of service preventing remote management and monitoring of industrial equipment, potentially disrupting operations.

🟠 Likely Case

Temporary web server crashes requiring manual intervention to restore management access.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls preventing external exploitation.

🌐 Internet-Facing: HIGH - Directly exposed devices can be easily crashed by simple HTTP requests.
🏢 Internal Only: MEDIUM - Internal attackers or misconfigured systems could still cause service disruption.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP request flooding can trigger the vulnerability without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: ioLogik 2500 firmware Version 3.1 or higher, IOxpress Version 2.4.0 or higher

Vendor Advisory: https://www.moxa.com/en/support/product-support/security-advisory/moxa-io-logik-2500-series-web-server-vulnerability

Restart Required: Yes

Instructions:

1. Download the latest firmware from the Moxa website.
2. Back up the current configuration.
3. Upload and install the new firmware via the web interface.
4. Update the IOxpress utility to the latest version.
5. Verify functionality after the update.

🔧 Temporary Workarounds

Network Segmentation

Isolate ioLogik devices on separate VLAN with strict firewall rules limiting HTTP access.

Rate Limiting

Implement network-level rate limiting for HTTP requests to ioLogik devices.

🧯 If You Can't Patch

  • Implement strict network access controls allowing only trusted IPs to access web interface
  • Disable web interface if not required and use alternative management methods

🔍 How to Verify

Check if Vulnerable:

Check the firmware version in the web interface under System > About. The device is vulnerable if the version is 3.0 or lower.

Check Version:

No CLI command - check via web interface or IOxpress utility

Verify Fix Applied:

Confirm firmware version is 3.1 or higher and test web server stability under normal load.

📡 Detection & Monitoring

Log Indicators:

  • Web server crash logs
  • Multiple rapid HTTP requests from single source
  • Service restart events

Network Indicators:

  • High volume of HTTP requests to port 80/443
  • Requests with abnormal patterns

SIEM Query:

source_ip=* AND dest_port=80 AND request_count>1000 WITHIN 60s
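
The query above is generic pseudocode rather than the syntax of a particular SIEM. As an added example (not from the vendor advisory or any product), the same sliding-window threshold can be run over exported flow or proxy records; the record format `<ISO timestamp> <src_ip> <dst_ip> <dst_port>`, the function names and all addresses (RFC 5737 documentation ranges) are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # "WITHIN 60s" in the page's query
THRESHOLD = 1000                # "request_count>1000" in the page's query
WATCHED_PORTS = {80, 443}       # ports named under Network Indicators

def find_floods(lines, threshold=THRESHOLD, window=WINDOW):
    """Return {(src_ip, device_ip): time the sliding-window count first exceeded threshold}.

    Expects time-ordered records in a constructed format:
    '<ISO timestamp> <src_ip> <dst_ip> <dst_port>'.
    """
    recent = defaultdict(deque)  # (src, dst) -> timestamps still inside the window
    alerts = {}
    for line in lines:
        try:
            ts_text, src, dst, port = line.split()
            ts, port = datetime.fromisoformat(ts_text), int(port)
        except ValueError:
            continue  # skip malformed records instead of aborting the scan
        if port not in WATCHED_PORTS:
            continue
        q = recent[(src, dst)]
        q.append(ts)
        while ts - q[0] >= window:  # expire requests older than the window
            q.popleft()
        if len(q) > threshold:
            alerts.setdefault((src, dst), ts)
    return alerts

def sample_log():
    """Constructed flow records: one burst source and one normal poller."""
    start = datetime(2020, 1, 1, 12, 0, 0)
    events = []
    for i in range(1200):  # 25 requests/s for 48 s from 192.0.2.50
        events.append((start + timedelta(milliseconds=40 * i), "192.0.2.50"))
    for i in range(300):   # one request every 2 s for 10 min from 192.0.2.20
        events.append((start + timedelta(seconds=2 * i), "192.0.2.20"))
    events.sort()
    lines = [f"{t.isoformat()} {src} 198.51.100.10 80" for t, src in events]
    return lines + ["truncated record"]

if __name__ == "__main__":
    for (src, dst), when in find_floods(sample_log()).items():
        print(f"ALERT {when.isoformat()} {src} -> {dst}: >{THRESHOLD} requests in {WINDOW.seconds}s")
```

Counting per source and device pair keeps a legitimate poller from being merged with a noisy client; lower `threshold` to match the normal polling rate of your HMI or historian before relying on the alert.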
