Product support

Security Advisories

SUMMARY

Moxa’s Response Regarding the CPU Hardware Vulnerability to Side-Channel Attacks (Meltdown & Spectre)

  • Version: 1.0
  • Release Date: Jan 16, 2018
  • Reference:
    • CVE-2017-5753, CVE-2017-5715, CVE-2017-5754

In January 2018, researchers announced vulnerabilities that can corrupt the implementation of speculative execution of instructions on microprocessor architectures to perform side-channel information disclosure attacks.

CVE-2017-5753 (Spectre)
CVE-2017-5715 (Spectre)
CVE-2017-5754 (Meltdown)

The vulnerabilities could allow an attacker to read information on the microprocessors or memory allocated on the operating system kernel.

To take advantage of these vulnerabilities, the attacker must be able to run a malicious custom code on a device. The vast majority of Moxa's products are not vulnerable since they operate on closed systems that do not allow custom codes to be run on the devices.

Moxa's devices that use a computer platform which includes microprocessors that could be targeted may be considered vulnerable even if they are not directly affected by the vulnerabilities. Vendors of microprocessors and operating systems are releasing updates that help mitigate these vulnerabilities. Moxa will also release updates for these products based on the vendor's suggestions.

Moxa's Cyber Security Response Team (CSRT) is fully engaged in this matter and we are taking appropriate action. If there are any updates to the status of the vulnerabilities or how these affect Moxa's products, we will provide an update immediately.

AFFECTED PRODUCTS AND SOLUTIONS

Affected Products

The affected products and firmware versions are shown below.

 Product Category Product Series Affected Version
x86 Computers  V2201 Series All Versions
V2403 Series
V2406A Series
V2416A Series
V2426A Series
V2616A Series
MC-1100 Series
MC-7200 Series
DA-680A Series
DA-720 Series
DA-820 Series
Arm-Based Computers  UC-8100 Series
UC-8100-ME-T Series
Panel Computers and Displays MPC-2070 Series
MPC-2150 Series
MPC-2190 Series
MPC-2240 Series
MPC-2260 Series
EXPC-1519 Series

 

Solutions

Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below. 

 Product Category Product Series Solutions
x86 Computers  V2201 Series

Moxa is cooperating with the microprocessor vendor to provide a mitigation patch.


Please contact Moxa Technical Support for assistance.

V2403 Series
V2406A Series
V2416A Series
V2426A Series
V2616A Series
MC-1100 Series
MC-7200 Series
DA-680A Series
DA-720 Series
DA-820 Series
Arm-Based Computers  UC-8100 Series
UC-8100-ME-T Series
Panel Computers and Displays MPC-2070 Series
MPC-2150 Series
MPC-2190 Series
MPC-2240 Series
MPC-2260 Series
EXPC-1519 Series

 

Revision History

Version Description Release Date
1.0 First Release Jan 16, 2018

Relevant Products

DA-720 Series · DA-820 Series · EXPC-1519 Series · MC-1100 Series · MPC-2070 Series · MPC-2150 Series · MPC-2240 Series · MPC-2260 Series · UC-8100 Series · UC-8100-ME-T Series · V2201 Series · V2403 Series · V2406A Series · V2416A Series · V2426A Series · V2616A Series ·

  •   Print this page
  • You can manage and share your saved list in My Moxa
Let’s Get That Fixed

If you are concerned about a potential cybersecurity vulnerability, please contact us and one of technical support staff will get in touch with you.

Report a Vulnerability
Added To Bag