CVE-2023-28697 – Moxa MiiNePort E1 devices have an insufficient ... (How to Fix)

Q: What is the severity of CVE-2023-28697?

CVE-2023-28697 has a CVSS score of 9.8 (CRITICAL). Moxa MiiNePort E1 devices have an insufficient access control vulnerability that allows unauthenticated remote attackers to perform arbitrary system operations or disrupt services. This affects all organizations using vulnerable MiiNePort E1 devices, particularly those with internet-facing deployments. The vulnerability stems from missing authentication mechanisms for critical functions.

📋 TL;DR

Moxa MiiNePort E1 devices have an insufficient access control vulnerability that allows unauthenticated remote attackers to perform arbitrary system operations or disrupt services. This affects all organizations using vulnerable MiiNePort E1 devices, particularly those with internet-facing deployments. The vulnerability stems from missing authentication mechanisms for critical functions.

💻 Affected Systems

Products:

Moxa MiiNePort E1 Series

Versions: Firmware versions prior to v1.9

Operating Systems: Embedded Linux-based firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations are vulnerable. No special configuration required for exploitation.

📦 What is this software?

Miineport E1 Firmware by Moxa

View all CVEs affecting Miineport E1 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attackers to execute arbitrary commands, modify configurations, disrupt industrial operations, or use the device as a pivot point into industrial control networks.

🟠

Likely Case

Service disruption through device reboots or configuration changes, potentially causing industrial process interruptions or data loss.

🟢

If Mitigated

Limited impact if devices are isolated in segmented networks with strict firewall rules preventing external access.

🌐 Internet-Facing: HIGH - Unauthenticated remote exploitation makes internet-facing devices extremely vulnerable to automated attacks.

🏢 Internal Only: MEDIUM - Internal attackers or malware could still exploit this, but requires network access to the devices.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

The vulnerability requires no authentication and minimal technical skill to exploit, making it attractive for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware v1.9

Vendor Advisory: https://cdn-cms.azureedge.net/Moxa/media/PDIM/S100000223/MiiNePort%20E1%20Series_moxa-miineport-e1-series-firmware-v1.9.rom_Software%20Release%20History.pdf

Restart Required: Yes

Instructions:

1. Download firmware v1.9 from Moxa website. 2. Backup current configuration. 3. Upload firmware via web interface or CLI. 4. Reboot device. 5. Verify firmware version. 6. Restore configuration if needed.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate MiiNePort E1 devices in separate VLANs with strict firewall rules preventing external access.

Access Control Lists

all

Implement network ACLs to restrict access to MiiNePort devices to authorized management IPs only.

🧯 If You Can't Patch

Segment devices in isolated networks with no internet access
Implement strict firewall rules allowing only necessary traffic from trusted sources

🔍 How to Verify

Check if Vulnerable:

Check firmware version via web interface (System > About) or CLI command 'show version'. If version is below 1.9, device is vulnerable.

Check Version:

show version

Verify Fix Applied:

Verify firmware version shows 1.9 or higher after update. Test that unauthenticated access to administrative functions is blocked.

📡 Detection & Monitoring

Log Indicators:

Unauthenticated access attempts to administrative endpoints
Unexpected configuration changes
Multiple failed authentication attempts followed by successful access

Network Indicators:

Unusual traffic patterns to device management ports
External IPs accessing device administrative interfaces
Traffic from unexpected geographic locations

SIEM Query:

source_ip=external AND dest_port=80,443 AND dest_ip=MiiNePort_device AND (uri_path CONTAINS "/admin" OR uri_path CONTAINS "/config")

📊 Metadata

CVE ID: CVE-2023-28697

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-306

Published: April 27, 2023

Last Updated: November 21, 2024

🔗 References

https://cdn-cms.azureedge.net/Moxa/media/PDIM/S100000223/MiiNePort%20E1%20Series_moxa-miineport-e1-series-firmware-v1.9.rom_Software%20Release%20History.pdf Release Notes
https://www.twcert.org.tw/tw/cp-132-7021-eb43a-1.html Third Party Advisory
https://cdn-cms.azureedge.net/Moxa/media/PDIM/S100000223/MiiNePort%20E1%20Series_moxa-miineport-e1-series-firmware-v1.9.rom_Software%20Release%20History.pdf Release Notes
https://www.twcert.org.tw/tw/cp-132-7021-eb43a-1.html Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-28697, you might also want to check these: