Product support

Security Advisories

SUMMARY

Moxa’s Response Regarding the Intel Management Engine Vulnerability

  • Version: 1.0
  • Release Date: Aug 09, 2018
  • Reference:
    • CVE-2017-5689, CVE-2017-5705, CVE-2017-5708, CVE-2017-5711, CVE-2017-5712

In May 2017, researchers announced a vulnerability whereby an attacker who should not have access to a network could gain system privileges to provision Intel manageability SKUs and a local attacker could then provision manageability features to gain network or local system privileges on Intel manageability SKUs.

  • CVE-2017-5689

In the second half of 2017, researchers identified multiple vulnerabilities that are related to the Intel Management Engine.

  • CVE-2017-5705
  • CVE-2017-5708
  • CVE-2017-5711
  • CVE-2017-5712

In response to these vulnerabilities, Intel released a patch management engine firmware for all its platforms. Moxa has identified which of our products have been affected and issued a firmware upgrade. Any products that are not listed will not be affected by the aforementioned vulnerabilities. We recommend that people who have purchased the affected products get assistance through Moxa Global Customer Service and update to the latest BIOS.

AFFECTED PRODUCTS AND SOLUTIONS

Affected Products

The affected products and firmware versions are shown below.

 Product Category Product Series Affected Version
x86 Computers  DA-820 Series All Versions
DA-720 Series
MC-7200-DC-CP Series
MC-7200-MP Series
Panel Computers and Displays EXPC-1519 Series

 

Solutions

Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.  You can contact Moxa's technical support who will send it to you as soon as it is available.

 Product Category Product Series Solutionds
x86 Computers  DA-820 Series Patch BIOS Version V1.10S03
DA-720 Series Patch BIOS Version V1.30S00
MC-7200-DC-CP Series Patch BIOS Version V1.20S01
MC-7200-MP Series Patch BIOS Version V1.30S01
Panel Computers and Displays EXPC-1519 Series Patch BIOS Version V1.20S02

 

Revision History

Version Description Release Date
1.0 First Release Aug 9, 2018

Relevant Products

DA-720 Series · DA-820 Series · EXPC-1519 Series · MC-7200-DC-CP-T Series · MC-7200-MP-T Series ·

  •   Print this page
  • You can manage and share your saved list in My Moxa
Let’s Get That Fixed

If you are concerned about a potential cybersecurity vulnerability, please contact us and one of technical support staff will get in touch with you.

Report a Vulnerability
Added To Bag