A Google Photos flaw could expose your location
infosec

A Google Photos flaw could expose your location

A vulnerability in Google Photos, discovered by Imperva, a cyber-security software company, allows ...
Read More
infosec tweaks

What is spear phishing and how can we protect it

In our time, phishing attacks, also known as "phishing," are emerging as a growing threat. So it's very ...
Read More
infosec

Hackers-creators of famous Banking Trojans work together for the perfect attack!

Banking Trojans are popular in criminal systems, given the valuable data and financial service credentials that can ...
Read More
infosec

What are DoS attacks and what tools are being implemented?

Before the DDoS attacks occur, their predecessors, known as Denial of Service attacks (DoS), formed the ...
Read More
infosec rapidshare

NordVPN: The most reliable VPN service provider

Find Out the Best VPN Service on the Market What is a VPN A Virtual Private Network or VPN,
Read More
Latest Posts

Vulnerabilities in industrial Ethernet switches allow attacks from hackers

EthernetMultiple vulnerabilities have been identified on Moxa's industrial Ethernet switches, which allow hackers to take control of switches or denial-of-service attacks, according to Positive Technologies researchers. Switches are used in energy and transport infrastructure, so attacks on them can have serious consequences.

The Moxa EDS-405A, EDS-408A, EDS-510A and IKS-G6824A Ethernet switches have been found vulnerable. Based on the number and extent of vulnerabilities, little practical security measures were found in the design of managed switches, as passwords are stored in plain text, according to the survey.

For vulnerable EDS switches, the ID for the web interface is predictable, allowing easy retrieval of passwords. Similarly, the use of specific protocols allows for password recovery and denial-of-service attacks. EDS routers, furthermore, do not have "adequate measures," according to Moxa, to prevent multiple failed authentication efforts, making brute-force attacks possible.

In the IKS-G6824A series, according to the researchers, the most dangerous vulnerability "involves a cache overflow in the web interface. Violation may result in denial of service attack and possibly remote code execution. In the hands of hackers, the other vulnerabilities could cause permanent denial of service in the switch, reading the device's memory, doing various actions on the web interface as if it were the legitimate user, and much more. "

Moxa has issued firmware patches for affected switches, although they are not immediately available for downloading - needing technical support to download.

Do you have an opinion? Leave your comment.

The author allows you to copy his / her text only if you report the source (SecNews.gr), as an e-mail address (Live URL) of the article.
Updated on by

Reader Interactions

Leave a reply

Your email address is not published. Τα υποχρεωτικά πεδία σημειώνονται με *