Moxa NPort Bug: Remote Code Execution Possible

Moxa expressed its gratitude to the experts at Positive Technologies for identifying a dangerous vulnerability in the NPort series of wireless industrial converters. Classified as CVE-2024-1220, this vulnerability was rated as high risk with a CVSS score of 8.2 and allowed malicious actors to execute arbitrary code on the affected devices.

The NPort W2150a and W2250a converters are designed to connect industrial controllers, meters, and sensors to a local network via Wi-Fi. Such wireless communication is crucial for the remote monitoring and management of equipment situated on moving objects or in harsh production environments.

As Vladimir Razov, a web application security analysis expert at Positive Technologies, explained, this vulnerability permitted an attacker to gain complete control over a Moxa converter with just a single unauthorized request. Subsequently, the attacker could issue commands to controllers and devices connected to the converter, disrupting the normal operation of technological processes.

Following the responsible disclosure to the vendor, Moxa released a firmware update to mitigate the critical vulnerability in the internal software of devices running version 2.3. Developers strongly recommend users to upgrade their converters to the latest version.

The collaboration between Positive Technologies’ experts and Moxa has been ongoing for several years. In 2019, thanks to the research conducted by PT specialists, more than a dozen critical vulnerabilities were addressed in the vendor’s industrial Ethernet switches, which could have compromised the network interactions of SCADA system components.