
Moxa SDS-3008 Series Industrial Ethernet Switch web application information disclosure vulnerability

2023-02-02 00:00:00
Talos Intelligence
www.talosintelligence.com

CVSS3: 5.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS: 0.003
Percentile: 71.2%

Talos Vulnerability Report

TALOS-2022-1621

Moxa SDS-3008 Series Industrial Ethernet Switch web application information disclosure vulnerability

February 2, 2023

CVE Number

CVE-2022-40691

SUMMARY

An information disclosure vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability.

CONFIRMED VULNERABLE VERSIONS

The versions below were either tested or verified to be vulnerable by Talos or confirmed to be vulnerable by the vendor.

Moxa SDS-3008 Series Industrial Ethernet Switch 2.1

PRODUCT URLS

SDS-3008 Series Industrial Ethernet Switch - <https://www.moxa.com/en/products/industrial-network-infrastructure/ethernet-switches/layer-2-smart-switches/sds-3008-series>

CVSSv3 SCORE

5.3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-200 - Information Exposure

DETAILS

The SDS-3008 is an 8-port smart Ethernet switch designed for industrial environments. In addition to standard smart switch functionality such as IEEE 802.1Q VLAN, port mirroring and SNMP, the SDS-3008 also implements variations of EtherNet/IP, PROFINET and Modbus TCP to support management functions. The switch is primarily managed via a web application.

Appending the character / or \ to the end of a URL for an .asp page results in the page being returned with its source code embedded in the response.

Exploit Proof of Concept

GET /auth/accountpassword.asp/

or

GET /auth/accountpassword.asp\
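
A detection sketch for the behaviour described above, added here as an example and not part of the Talos report or Moxa's code: it scans HTTP access logs for requests to .asp pages with / or \ appended. It assumes Common Log Format entries from a proxy or sensor in front of the switch; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumed Common Log Format: client ... "METHOD target HTTP/x.y" status
LINE_RE = re.compile(
    r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# An .asp page name with one or more '/' or '\' characters appended
APPENDED_SEP_RE = re.compile(r"\.asp[/\\]+$", re.IGNORECASE)


def normalize_path(target):
    """Return the request path with query/fragment dropped and log escaping undone."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    # Some servers (e.g. nginx) log a backslash as \x5C; restore it
    path = re.sub(r"\\x5c", lambda m: "\\", path, flags=re.IGNORECASE)
    # Logs may record the separators percent-encoded (%2F, %5C)
    return unquote(path)


def find_source_disclosure_requests(lines):
    """Return (client, normalized_path, status) for each matching request."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        path = normalize_path(m.group("target"))
        if APPENDED_SEP_RE.search(path):
            hits.append((m.group("client"), path, int(m.group("status"))))
    return hits


# Constructed sample entries (documentation IP range), not captured traffic
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Feb/2023:10:00:01 +0000] "GET /auth/accountpassword.asp HTTP/1.1" 200 5120',
    '192.0.2.44 - - [02/Feb/2023:10:00:07 +0000] "GET /auth/accountpassword.asp/ HTTP/1.1" 200 9411',
    '192.0.2.44 - - [02/Feb/2023:10:00:09 +0000] "GET /auth/accountpassword.asp%5C HTTP/1.1" 200 9411',
    r'192.0.2.44 - - [02/Feb/2023:10:00:12 +0000] "GET /auth/accountpassword.asp\x5C HTTP/1.1" 200 9411',
    '192.0.2.10 - - [02/Feb/2023:10:00:15 +0000] "GET /images/ HTTP/1.1" 200 312',
    '192.0.2.10 - - [02/Feb/2023:10:00:18 +0000] "GET /index.asp?next=/home/ HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for client, path, status in find_source_disclosure_requests(SAMPLE_LOG):
        print(f"{client} requested {path!r} -> HTTP {status}")
```

A 200 status on a flagged request from an unauthenticated client is the case worth triaging first, since the advisory rates the issue as requiring no privileges.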

TIMELINE

2022-10-14 - Vendor Disclosure
2022-10-14 - Initial Vendor Contact
2023-02-02 - Public Release
2023-02-02 - Vendor Patch Release

Credit

Discovered by Patrick DeSantis of Cisco Talos.

