CVE-2022-40691
An information disclosure vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability.
The versions below were either tested or verified to be vulnerable by Talos or confirmed to be vulnerable by the vendor.
Moxa SDS-3008 Series Industrial Ethernet Switch 2.1
SDS-3008 Series Industrial Ethernet Switch - https://www.moxa.com/en/products/industrial-network-infrastructure/ethernet-switches/layer-2-smart-switches/sds-3008-series
5.3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-200 - Information Exposure
The SDS-3008 is an 8-port smart Ethernet switch designed for industrial environments. In addition to standard smart switch functionality such as IEEE 802.1Q VLAN, port mirroring and SNMP, the SDS-3008 also implements variations of EtherNet/IP, PROFINET and Modbus TCP to support management functions. The switch is primarily managed via a web application.
Appending the characters / or \ to the end of a URL for an .asp page will result in the page being returned with source code embeded in the response.
GET /auth/accountpassword.asp/
or
GET /auth/accountpassword.asp\
2022-10-14 - Vendor Disclosure
2022-10-14 - Initial Vendor Contact
2023-02-02 - Public Release
2023-02-02 - Vendor Patch Release
Discovered by Patrick DeSantis of Cisco Talos.