Moxa AWK-3121 (ICSA-19-337-02) – Product Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on cleartext transmission of sensitive information, improper access control, sensitive cookie without ‘HTTPONLY’ flag, improper restriction of operations within the bounds of a memory buffer, CSRF, command injection, and cross-site scripting vulnerabilities in Reliable Controls LicenseManager. Versions 1.14 and prior are affected. Successful exploitation of these vulnerabilities could allow an attacker to view sensitive information, cause availability issues, and execute remote code. Moxa notes this device has reached end of life and has been replaced by model AWK-1131A. Moxa recommends users apply the latest security patch. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.