Affected Products
The affected products and firmware versions are shown below.
| Product Series | Affected Versions |
|---|---|
| ioPAC 8500-2-RJ45-IEC-T, ioPAC 8500-2-M12-IEC-T | Firmware version 1.4 or lower. |
| ioPAC 8600-CPU30-M12-IEC-T, ioPAC 8600-CPU30-RJ45-IEC-T | Firmware version 1.2 or lower. |
Solutions
Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.
Product Series: ioPAC 8500-2-RJ45-IEC-T, ioPAC 8500-2-M12-IEC-T
Solutions:
For items 1 and 4:
If a user does not use ISaGRAF to configure or program the ioPAC 8500/8600 Series, we encourage the user to use the built-in firewall to block access to TCP ports 1113 and 1131 from outside the ioPAC 8500/8600 Series to mitigate the security risk.
If ISaGRAF is used to configure or program the ioPAC 8500/8600 Series, we suggest following the steps below to mitigate security risks.
For first initialization:
- Program or configure the ioPAC 8500/8600 Series via ISaGRAF.
- Then, access the ioPAC 8500/8600 Series and block access to TCP ports 1113 and 1131.
- Save the firewall rules settings on the ioPAC 8500/8600 Series.
For regular maintenance (reconfiguration):
- Access the ioPAC 8500/8600 Series via a secure connection.
- Reopen TCP ports 1113 and 1131.
- Reconfigure the ioPAC 8500/8600 Series via ISaGRAF.
- Then, access the ioPAC 8500/8600 Series and block access to TCP ports 1113 and 1131.
- Save the firewall rules settings on the ioPAC 8500/8600 Series.
Below are the instructions for using the firewall to block or reopen TCP ports 1113 and 1131 on the ioPAC 8500/8600 Series. (Download Here)
For items 2, 3, and 4:
- Place the ioPAC 8500/8600 Series behind a firewall and isolate them from the business network.
- Install physical controls so no unauthorized personnel can access the ioPAC 8500/8600 Series.
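One way to confirm that TCP 1113 and TCP 1131 are blocked again after first initialization or after a maintenance window, shown as an added example that is not part of Moxa's advisory or tooling. It is meant to be run from a host outside the ioPAC, on the network side the firewall rules should block; the function names and the sample addresses in the usage comment are assumptions.

```python
import socket

# Ports the advisory says to block from outside the ioPAC 8500/8600 Series.
ISAGRAF_PORTS = (1113, 1131)

def probe(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'refused', 'filtered' or 'error: ...'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed: port is still reachable
    except ConnectionRefusedError:
        return "refused"         # RST received: port closed or rejected
    except (socket.timeout, TimeoutError):
        return "filtered"        # no answer: packets silently dropped
    except OSError as exc:
        return f"error: {exc}"   # e.g. host unreachable or bad address

def audit(hosts, ports=ISAGRAF_PORTS, timeout=2.0):
    """Return ({host: {port: state}}, [(host, port) pairs that are still open])."""
    results, exposed = {}, []
    for host in hosts:
        results[host] = {}
        for port in ports:
            state = probe(host, port, timeout)
            results[host][port] = state
            if state == "open":
                exposed.append((host, port))
    return results, exposed

if __name__ == "__main__":
    import sys
    # Usage (constructed addresses): python check_ports.py 192.0.2.10 192.0.2.11
    results, exposed = audit(sys.argv[1:])
    for host, states in results.items():
        for port, state in states.items():
            print(f"{host}:{port} {state}")
    # Non-zero exit lets a scheduled job alert when a port was left open.
    sys.exit(1 if exposed else 0)
```

A result of "open" after the maintenance procedure means the block rules were not re-applied or not saved; "refused" and "filtered" both mean the ISaGRAF ports are not reachable from the probing host.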
Acknowledgment
We would like to express our appreciation to Alexander Nochvay from Kaspersky Lab ICS CERT for reporting the vulnerability, working with us to help enhance the security of our products, and helping us provide a better service to our customers.
Revision History
| Version | Description | Release Date |
|---|---|---|
| 1.0 | First Release | Dec 01, 2021 |