CVE-2019-6522 – This vulnerability in Moxa IKS and EDS industri... (How to Fix)

Q: What is the severity of CVE-2019-6522?

CVE-2019-6522 has a CVSS score of 9.1 (CRITICAL). This vulnerability in Moxa IKS and EDS industrial switches allows attackers to read arbitrary device memory due to improper array bounds checking. Attackers can potentially retrieve sensitive data or cause device reboots, affecting organizations using these industrial networking devices.

📋 TL;DR

This vulnerability in Moxa IKS and EDS industrial switches allows attackers to read arbitrary device memory due to improper array bounds checking. Attackers can potentially retrieve sensitive data or cause device reboots, affecting organizations using these industrial networking devices.

💻 Affected Systems

Products:

Moxa IKS-G6824A Series
Moxa EDS-405A Series
Moxa EDS-408A Series
Moxa EDS-510A Series

Versions: Firmware versions prior to 3.8

Operating Systems: Embedded firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations are vulnerable. No special configuration required for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing data exfiltration, denial of service, and potential lateral movement within industrial control systems.

🟠

Likely Case

Sensitive data leakage and device instability leading to operational disruption in industrial environments.

🟢

If Mitigated

Limited impact if devices are isolated and have proper network segmentation.

🌐 Internet-Facing: HIGH - Industrial devices often have web interfaces and may be exposed to internet.

🏢 Internal Only: MEDIUM - Still significant risk from internal threats or compromised systems.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires network access to device but no authentication. Memory reading requires specific knowledge of device architecture.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware version 3.8

Vendor Advisory: https://www.moxa.com/en/support/product-support/security-advisory/moxa-iks-and-eds-series-industrial-ethernet-switches-vulnerabilities

Restart Required: Yes

Instructions:

1. Download firmware version 3.8 from Moxa website. 2. Backup current configuration. 3. Upload new firmware via web interface or CLI. 4. Reboot device. 5. Restore configuration if needed.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate affected devices in separate VLANs with strict firewall rules.

Access Control Lists

all

Implement ACLs to restrict access to device management interfaces.

access-list 100 deny ip any host <device_ip>
access-list 100 permit ip any any

🧯 If You Can't Patch

Implement strict network segmentation to isolate devices from untrusted networks
Monitor network traffic to/from affected devices for unusual patterns

🔍 How to Verify

Check if Vulnerable:

Check firmware version via web interface (System > System Information) or CLI command 'show version'

Check Version:

show version

Verify Fix Applied:

Verify firmware version is 3.8 or later using same methods as checking vulnerability

📡 Detection & Monitoring

Log Indicators:

Multiple failed memory access attempts
Unexpected device reboots
Unusual memory read patterns

Network Indicators:

Unusual traffic to device management ports (80, 443, 23)
Memory read requests to unusual addresses

SIEM Query:

source_ip=* AND dest_ip=<device_ip> AND (port=80 OR port=443 OR port=23) AND bytes_transferred>threshold

📊 Metadata

CVE ID: CVE-2019-6522

CVSS v3 Score: 9.1 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CWE: CWE-125

Published: March 5, 2019

Last Updated: November 21, 2024

🔗 References

http://www.securityfocus.com/bid/107178 Third Party Advisory,VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01 Third Party Advisory,US Government Resource
http://www.securityfocus.com/bid/107178 Third Party Advisory,VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01 Third Party Advisory,US Government Resource

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2019-6522, you might also want to check these: