AttackerKB AKB:10EA1EFD-6C95-4B64-9784-A817B1822004
Dec 21, 2020 - 12:00 a.m.

Remote Code Execution Vulnerabilities in Secomea, Moxa, and HMS eWon VPNs

attackerkb.com
EPSS: 0.005 (percentile: 76.8%)

Security researchers at Claroty published details on multiple pre-auth remote code execution vulnerabilities affecting virtual private network (VPN) implementations primarily used to provide remote access to operational technology (OT) networks. The vulnerabilities could allow unauthenticated attackers to execute arbitrary code.

Individual CVEs referenced in Claroty’s research include CVE-2020-14500, CVE-2020-14508, CVE-2020-14510, CVE-2020-14512, CVE-2020-14511, and CVE-2020-14498. Affected products include Secomea GateManager, Moxa EDR-G902/3 industrial VPN servers, and eWon by HMS Networks.

Recent assessments:

ccondon-r7 at July 30, 2020 3:06am UTC reported:

The exposed target population may be comparatively low to, say, the whole of the internet, but Rapid7 Labs has noted—rightly so—that a couple thousand exposed gateways is still a pretty concerning state of affairs when those gateways are protecting industrial control systems. Pre-authenticated RCE in VPN products guarding ICS/OT networks during a pandemic is, as the kids say, bad news bears—and that’s not to make light, because this ain’t light. The good news is that there are patches out for all these vulns, even though the downtime required to patch and verify effectively might be nothing to sneeze at. Longer analysis and recommendations by smart people here.

Researchers from around Rapid7’s world (and likely others, too!) have said today that there is likely lower-hanging fruit that will be surfaced in the coming days, particularly around nerve-wracking findings such as exposed Telnet administration ports. There’s a lot of well-justified attention on this grouping of vulns, and with that attention comes increased focus on attack opportunities in general…and the stuff we see clogging up our security noise machines won’t be the only stuff well-resourced attackers are paying attention to. Patch as soon as possible (and yep, easier said than done).

Assessed Attacker Value: 5
Assessed Attacker Value: 0