Product support

Security Advisories

SUMMARY

Moxa’s Response Regarding the GNU Bourne-Again Shell (Bash) Vulnerability (Shellshock)

  • Version: 1.0
  • Release Date: Oct 07, 2014
  • Reference:
    • CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE 2014-6278

Moxa has verified that some of its products are impacted by the GNU Bourne-Again Shell (Bash) vulnerability (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE 2014-6278). Also known as “Shellshock,” this vulnerability could allow an attacker to remotely execute shell commands by attaching malicious code in environment variables used by the operating system.

Moxa's Cyber Security Response Team (CSRT) is fully engaged in this matter and we are taking appropriate action. If there are any updates to the status of the vulnerabilities or how these affect Moxa's products, we will provide an update immediately.

AFFECTED PRODUCTS AND SOLUTIONS

Affected Products

The affected product and firmware versions are shown below.

Product Category Product Series Affected Version
x86 Computers / Arm-Based Computers IA240 Series Firmware Version 1.6 or prior
UC-7100 Series (-LX Plus model) Firmware Version 1.5 or prior
DA-660A Series Firmware Version 1.1 or prior
EM-2260 Series (-LX models) Firmware Version 1.1 or prior
IA260 Series (-LX models) Firmware Version 1.1 or prior
IA261-I Series (-LX models) Firmware Version 1.1 or prior
IA262-I Series (-LX models) Firmware Version 1.1 or prior
UC-8410 Series (-LX models) Firmware Version 2.1 or prior
UC-8416 Series (-LX models) Firmware Version 2.1 or prior
UC-8418 Series (-LX models) Firmware Version 2.1 or prior
UC-8430 Series (-LX models) Firmware Version 2.1 or prior
UC-8481 Series (-LX models) Firmware Version 1.4 or prior
DA-682A Series (-LX models) Firmware Version 1.2 or prior
DA-820 Series Firmware Version 1.0 or prior
UC-8100 Series Firmware Version 1.3 or prior
UC-8410A Series Firmware Version 1.0 or prior

 

Solutions

Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for the affected products are shown below.

Product Category Product Series Solutions
x86 Computers / Arm-Based Computers IA240 Series Please download the new firmware/software here.
UC-7100 Series (-LX Plus model) Please download the new firmware/software here.
DA-660A Series Please download the new firmware/software here.
EM-2260 Series (-LX models) Please download the new firmware/software here.
IA260 Series (-LX models) Please contact Moxa Technical Support for assistance.
IA261-I Series (-LX models) Please contact Moxa Technical Support for assistance.
IA262-I Series (-LX models) Please contact Moxa Technical Support for assistance.
UC-8410 Series (-LX models) This product has been phased out. Please contact Moxa Technical Support for assistance.
UC-8416 Series (-LX models) This product has been phased out. Please contact Moxa Technical Support for assistance.
UC-8418 Series (-LX models) This product has been phased out. Please contact Moxa Technical Support for assistance.
UC-8430 Series (-LX models) This product has been phased out. Please contact Moxa Technical Support for assistance.
UC-8481 Series (-LX models) This product has been phased out. Please contact Moxa Technical Support for assistance.
DA-682A Series (-LX models) Please download the new firmware/software here.
DA-820 Series Please contact Moxa Technical Support for assistance.
UC-8100 Series Please download the new firmware/software here.
UC-8410A Series Please download the new firmware/software here.

 

Revision History

Version Description Release Date
1.0 First Release Oct 7, 2014

Relevant Products

DA-660A Series · DA-820 Series · EM-2260 Series · IA240 Series · IA260 Series · IA261-I/IA262-I Series · UC-7100 Series · UC-8100 Series · UC-8410A Series · UC-8416/8418 Series ·

  •   Print this page
  • You can manage and share your saved list in My Moxa
Let’s get that fixed

If you are concerned about a potential cybersecurity vulnerability, please contact us and one of technical support staff will get in touch with you.

Report a Vulnerability
Added To Bag