In January 2018, researchers announced vulnerabilities that can corrupt the implementation of speculative execution of instructions on microprocessor architectures to perform side-channel information disclosure attacks.
CVE-2017-5753 (Spectre)
CVE-2017-5715 (Spectre)
CVE-2017-5754 (Meltdown)
The vulnerabilities could allow an attacker to read information on the microprocessors or memory allocated on the operating system kernel.
To take advantage of these vulnerabilities, the attacker must be able to run a malicious custom code on a device. The vast majority of Moxa's products are not vulnerable since they operate on closed systems that do not allow custom codes to be run on the devices.
Moxa's devices that use a computer platform which includes microprocessors that could be targeted may be considered vulnerable even if they are not directly affected by the vulnerabilities. Vendors of microprocessors and operating systems are releasing updates that help mitigate these vulnerabilities. Moxa will also release updates for these products based on the vendor's suggestions.
Moxa's Cyber Security Response Team (CSRT) is fully engaged in this matter and we are taking appropriate action. If there are any updates to the status of the vulnerabilities or how these affect Moxa's products, we will provide an update immediately.