Sign In
Home Security Advisories ioLogik E1200 Series and ioLogik E2200 Series Controllers and I/O Vulnerabilities

Product support

Security Advisories

Please sign in

Forgot your password?
Sign In
Remember Me.
Not a member? Sign up now
SUMMARY

ioLogik E1200 Series and ioLogik E2200 Series Controllers and I/O Vulnerabilities

  • Version: 1.0
  • Release Date: Aug 19, 2016
  • Reference:
    • CVE-2016-8359, CVE-2016-8372, CVE-2016-8379,CVE-2016-8350

Multiple product vulnerabilities were identified in Moxa’s ioLogik E1200 Series and ioLogik E2200 Series Controllers and I/O. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item Vulnerability Type Impact
1 Multiple Stored Cross Site Scripting - XSS (CWE-79), CVE-2016-8359 An authenticated user can execute arbitrary code from the web console.
2 Password sent via HTTP GET method (CWE-522), CVE-2016-8372 In the HTTP web console, the password is not encrypted during the HTTP get request.
3 Password truncation (CWE-521), CVE-2016-8379 With a brute force attack tool, it is possible to guess simple passwords. (e.g. password 12345678 or abcd1234)
4 Missing CSRF Protection (CWE-352), CVE-2016-8350 An attacker may send requests by making a legitimate user click on a link.
AFFECTED PRODUCTS AND SOLUTIONS

Affected Products

The affected products and firmware versions are shown below.

Product Series Affected Version
ioLogki E1210 Series Firmware Version 2.9 or prior
ioLogki E1212 Series Firmware Version 2.9 or prior
ioLogki E1214 Series Firmware Version 2.9 or prior
ioLogki E1240 Series Firmware Version 2.9 or prior
ioLogki E1242 Series Firmware Version 2.9 or prior
ioLogki E1260 Series Firmware Version 2.9 or prior
ioLogki E1262 Series Firmware Version 2.9 or prior
ioLogki E2210 Series Firmware Version 3.12 or prior
ioLogki E2212 Series Firmware Version 3.13 or prior
ioLogki E2214 Series Firmware Version 3.11 or prior
ioLogki E2240 Series Firmware Version 3.11 or prior
ioLogki E2242 Series Firmware Version 3.11 or prior
ioLogki E2260 Series Firmware Version 3.12 or prior
ioLogki E2262 Series Firmware Version 3.11 or prior

 

Solutions

Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.

Product Series Solutions
ioLogki E1210 Series Please download the new firmware/software here.
ioLogki E1212 Series Please download the new firmware/software here.
ioLogki E1214 Series Please download the new firmware/software here.
ioLogki E1240 Series Please download the new firmware/software here.
ioLogki E1242 Series Please download the new firmware/software here.
ioLogki E1260 Series Please download the new firmware/software here.
ioLogki E1262 Series Please download the new firmware/software here.
ioLogki E2210 Series Please download the new firmware/software here.
ioLogki E2212 Series Please download the new firmware/software here.
ioLogki E2214 Series Please download the new firmware/software here.
ioLogki E2240 Series Please download the new firmware/software here.
ioLogki E2242 Series Please download the new firmware/software here.
ioLogki E2260 Series Please download the new firmware/software here.
ioLogki E2262 Series Please download the new firmware/software here.

 

Revision History

Version Description Release Date
1.0 First Release Aug 19, 2016

Relevant Products

ioLogik E1200 Series · ioLogik E2200 Series ·

  •   Print this page

  • Save
    You can manage and share your saved list in My Moxa
Let’s get that fixed

If you are concerned about a potential cybersecurity vulnerability, please contact us and one of technical support staff will get in touch with you.

Report a Vulnerability
 
Added To Bag

View Bag
Feedback