SUMMARY

ioLogik E1200 Series and ioLogik E2200 Series Controllers and I/O Vulnerabilities

  • Security Advisory ID: MCSA-2017-001
  • Version: 1.0
  • Release Date: Aug 19, 2016
  • Reference:
    • CVE-2016-8359, CVE-2016-8372, CVE-2016-8379, CVE-2016-8350

Multiple vulnerabilities were identified in Moxa’s ioLogik E1200 Series and ioLogik E2200 Series Controllers and I/O. Moxa has developed solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

| Item | Vulnerability Type | Impact |
|------|--------------------|--------|
| 1 | Multiple Stored Cross-Site Scripting - XSS (CWE-79), CVE-2016-8359 | An authenticated user can execute arbitrary code from the web console. |
| 2 | Password sent via HTTP GET method (CWE-522), CVE-2016-8372 | In the HTTP web console, the password is not encrypted during the HTTP GET request. |
| 3 | Password truncation (CWE-521), CVE-2016-8379 | With a brute force attack tool, it is possible to guess simple passwords (e.g. password 12345678 or abcd1234). |
| 4 | Missing CSRF Protection (CWE-352), CVE-2016-8350 | An attacker may send requests by making a legitimate user click on a link. |

AFFECTED PRODUCTS AND SOLUTIONS

Affected Products

The affected products and firmware versions are shown below.

| Product Series | Affected Version |
|----------------|------------------|
| ioLogik E1210 Series | Firmware Version 2.9 or prior |
| ioLogik E1212 Series | Firmware Version 2.9 or prior |
| ioLogik E1214 Series | Firmware Version 2.9 or prior |
| ioLogik E1240 Series | Firmware Version 2.9 or prior |
| ioLogik E1242 Series | Firmware Version 2.9 or prior |
| ioLogik E1260 Series | Firmware Version 2.9 or prior |
| ioLogik E1262 Series | Firmware Version 2.9 or prior |
| ioLogik E2210 Series | Firmware Version 3.12 or prior |
| ioLogik E2212 Series | Firmware Version 3.13 or prior |
| ioLogik E2214 Series | Firmware Version 3.11 or prior |
| ioLogik E2240 Series | Firmware Version 3.11 or prior |
| ioLogik E2242 Series | Firmware Version 3.11 or prior |
| ioLogik E2260 Series | Firmware Version 3.12 or prior |
| ioLogik E2262 Series | Firmware Version 3.11 or prior |

Solutions

Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.

| Product Series | Solutions |
|----------------|-----------|
| ioLogik E1210 Series | Please download the new firmware/software here. |
| ioLogik E1212 Series | Please download the new firmware/software here. |
| ioLogik E1214 Series | Please download the new firmware/software here. |
| ioLogik E1240 Series | Please download the new firmware/software here. |
| ioLogik E1242 Series | Please download the new firmware/software here. |
| ioLogik E1260 Series | Please download the new firmware/software here. |
| ioLogik E1262 Series | Please download the new firmware/software here. |
| ioLogik E2210 Series | Please download the new firmware/software here. |
| ioLogik E2212 Series | Please download the new firmware/software here. |
| ioLogik E2214 Series | Please download the new firmware/software here. |
| ioLogik E2240 Series | Please download the new firmware/software here. |
| ioLogik E2242 Series | Please download the new firmware/software here. |
| ioLogik E2260 Series | Please download the new firmware/software here. |
| ioLogik E2262 Series | Please download the new firmware/software here. |

Revision History

| Version | Description | Release Date |
|---------|-------------|--------------|
| 1.0 | First Release | Aug 19, 2016 |

Relevant Products

ioLogik E1200 Series · ioLogik E2200 Series
