Industrial Network Switches Rife with Vulnerabilities

Industrial switches used to build networks in the oil and gas and maritime logistics sectors, as well as broader critical national infrastructure (CNI) are rife with security vulnerabilities, according to cybersecurity company Positive Technologies.

The Framingham, Massachusetts-based company said it had identified five vulnerabilities in US-based Moxa’s EDS-405A, EDS-408A, and EDS-510A series switches, including three that are “highly dangerous” and seven in the IKS-G6824A switches.

These include the default plain text storage of passwords, improper web interface access control that allows ostensibly “read-only” users to alter configurations, and web server cookie value that is not generated with proper encryption, so attackers can reuse it to recover an administrator’s password, and worse.

Read more…
Source: CBR