0-day vulnerabilities tracked as CVE-2022-2043 and CVE-2022-2044 affect NPort 5110 device servers designed to connect devices to Ethernet networks. Remote threat actors can exploit these vulnerabilities to trigger a Denial of Service (DoS) condition on targeted devices. Exploiting either vulnerability requires network connectivity to the targeted device. Moxa has stated that the vulnerabilities only affect Firmware 2.10.
Affected NPort devices are widely used in many industries worldwide, including critical infrastructure sectors such as energy, manufacturing, and transportation systems. There are also allegations and reports that the devices in question were manipulated in 2015 attack campaigns targeting Ukraine’s electricity grid, which resulted in significant power outages. To reduce the risk of becoming the target of attacks against critical infrastructure, the following practices are recommended:
- Network exposure for all control system devices or systems should be minimized, and it should be ensured that they are not accessible from the Internet.
- When remote access is required, secure methods such as a Virtual Private Network (VPN) should be used.
- Control systems should be isolated from other networks to protect them against external attacks.
- Comprehensive network and security solutions should be deployed.
- It should be ensured that the systems in use are running the most current version available.
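One way to check an asset inventory against the first and last practices above, as an added example that is not from Moxa or from the original advisory: it flags NPort 5110 entries recorded on Firmware 2.10 and entries whose management address lies outside internal ranges. The CSV column names, host names and the choice of RFC 1918 ranges as "internal" are assumptions, and the inventory is constructed sample data.

```python
import csv
import io
import ipaddress
import re

AFFECTED_MODEL = "NPort 5110"
AFFECTED_FIRMWARE = (2, 10)  # "Firmware 2.10" as stated in the advisory text

# Assumption: RFC 1918 ranges are internal; anything else is reported for review.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample inventory (hypothetical hosts; 203.0.113.0/24 is a documentation range).
SAMPLE_INVENTORY = """host,model,firmware,mgmt_ip
plc-gw-01,NPort 5110,2.10,10.20.1.15
plc-gw-02,NPort 5110,v2.10,203.0.113.40
plc-gw-03,NPort 5110,2.1,10.20.1.17
plc-gw-04,nport 5110,2.9,192.168.5.9
hmi-sw-01,Other Switch,2.10,10.20.1.2
"""

def parse_version(text):
    """Turn '2.10' or 'v2.10' into (2, 10); a tuple keeps 2.10 distinct from 2.1."""
    match = re.search(r"(\d+)\.(\d+)", text)
    if not match:
        raise ValueError(f"unrecognised firmware string: {text!r}")
    return int(match.group(1)), int(match.group(2))

def is_internal(ip_text):
    """True when the address falls inside one of the assumed internal ranges."""
    addr = ipaddress.ip_address(ip_text)
    return any(addr in net for net in INTERNAL_NETS)

def audit(inventory_csv):
    """Return one finding per inventory row that matches the affected model."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["model"].strip().lower() != AFFECTED_MODEL.lower():
            continue
        findings.append({
            "host": row["host"],
            "affected_firmware": parse_version(row["firmware"]) == AFFECTED_FIRMWARE,
            "outside_internal_ranges": not is_internal(row["mgmt_ip"]),
        })
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_INVENTORY):
        print(finding)
```

Comparing firmware as a tuple rather than a float matters here: parsed as a number, 2.10 and 2.1 would be treated as the same version.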