SUMMARY

Multiple UC Series IPC SSH Vulnerability

Multiple UC Series IPCs are affected by CVE-2023-48795. This vulnerability is caused by insufficient integrity checks of packets during the SSH handshake. An attacker in a network position between the client and server could omit some negotiation messages, forcing the connection to downgrade or disable some security features without detection. This vulnerability may lead to an authentication bypass.

The identified vulnerability types and potential impacts are shown below:

| Item | Vulnerability Type | Impact |
|---|---|---|
| 1 | Improper Validation of Integrity Check Value (CWE-354), CVE-2023-48795 | An attacker may bypass the authentication mechanism. |

Vulnerability Scoring Details 

| ID | CVSS | Vector | Remote Exploit without Auth? |
|---|---|---|---|
| CVE-2023-48795 | 5.9 | AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N | Yes |

AFFECTED PRODUCTS AND SOLUTIONS

Affected Products:

The affected products and firmware versions are shown below.

| Product Series | Affected Versions |
|---|---|
| UC-2100 Series | Firmware version v1.13 and prior. |
| UC-3100 Series | Firmware version v1.7 and prior. |
| UC-5100 Series | Firmware version v1.5 and prior. |
| UC-8100 Series | Firmware version v3.6 and prior. |
| UC-8100-ME-T Series | Firmware version v3.2 and prior. |
| UC-8100A-ME-T Series | Firmware version v1.7 and prior. |
| UC-8200 Series | Firmware version v1.6 and prior. |
| UC-8410A Series | Firmware version v4.2.2 and prior. |
| UC-8540 Series | Firmware version v2.2 and prior. |
| UC-8580 Series | Firmware version v2.2 and prior. |

 

Solutions:

Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.

| Product Series | Solutions |
|---|---|
| UC-2100 Series | Please upgrade to firmware v1.14 or higher. |
| UC-3100 Series | Please upgrade to firmware v1.8 or higher. |
| UC-5100 Series | Please upgrade to firmware v1.6 or higher. |
| UC-8100 Series | Please upgrade to firmware v3.7 or higher. |
| UC-8100-ME-T Series | Please upgrade to firmware v3.3 or higher. |
| UC-8100A-ME-T Series | Please upgrade to firmware v1.8 or higher. |
| UC-8200 Series | Please upgrade to firmware v1.7 or higher. |
| UC-8410A Series | Please upgrade to firmware v4.3.2 or higher. |
| UC-8540 Series | Please upgrade to firmware v2.3 or higher. |
| UC-8580 Series | Please upgrade to firmware v2.3 or higher. |

 

Mitigation:

  • Minimize network exposure to ensure the device is not accessible from the Internet.
  • When remote access is required, use secure methods, such as Virtual Private Networks (VPNs).
  • The starting point of all the above vulnerabilities is the web service, so if you have completed configuration, it is suggested that you temporarily disable the web service to prevent further damage from these vulnerabilities until the patch or updated firmware is installed.
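
The handshake weakness described in the summary can be checked for from the defender's side by inspecting the algorithm lists a device's SSH server advertises in its SSH_MSG_KEXINIT message. The following is an added example, not part of the Moxa advisory or any Moxa tool. It assumes the publicly documented characteristics of CVE-2023-48795 (affected modes are chacha20-poly1305@openssh.com and CBC ciphers paired with -etm@openssh.com MACs; the server-side countermeasure is advertised as kex-strict-s-v00@openssh.com), and the function names and sample payloads are constructed for illustration.

```python
# Added example: constructed data, not Moxa code. Field order per RFC 4253 section 7.1.
FIELDS = ("kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
STRICT_KEX_SERVER = "kex-strict-s-v00@openssh.com"   # server's strict-KEX marker
CHACHA = "chacha20-poly1305@openssh.com"

def parse_kexinit(payload: bytes) -> dict:
    """Split an SSH_MSG_KEXINIT payload into its ten name-lists."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, {}                      # skip type byte and 16-byte cookie
    for name in FIELDS:
        n = int.from_bytes(payload[pos:pos + 4], "big")
        raw = payload[pos + 4:pos + 4 + n]
        if pos + 4 > len(payload) or len(raw) != n:
            raise ValueError("truncated name-list: " + name)
        lists[name] = raw.decode("ascii").split(",") if raw else []
        pos += 4 + n
    return lists

def terrapin_exposure(lists: dict) -> dict:
    """Report affected cipher modes offered without the strict-KEX countermeasure."""
    weak = []
    for d in ("c2s", "s2c"):
        enc, mac = lists["enc_" + d], lists["mac_" + d]
        if CHACHA in enc:
            weak.append(d + ":chacha20-poly1305")
        if (any(c.endswith("-cbc") for c in enc)
                and any(m.endswith("-etm@openssh.com") for m in mac)):
            weak.append(d + ":cbc+etm")
    strict = STRICT_KEX_SERVER in lists["kex"]
    # Strict KEX only protects a session when the client supports it as well.
    return {"strict_kex": strict, "weak_modes": weak,
            "exposed": bool(weak) and not strict}

def sample_kexinit(kex, enc, mac) -> bytes:
    """Constructed payload for offline use; same lists in both directions."""
    values = [kex, ["ssh-ed25519"], enc, enc, mac, mac, ["none"], ["none"], [], []]
    body = b"".join(len(s).to_bytes(4, "big") + s
                    for s in (",".join(v).encode("ascii") for v in values))
    return b"\x14" + bytes(16) + body + b"\x00" + bytes(4)

if __name__ == "__main__":
    enc, mac = [CHACHA, "aes128-ctr"], ["hmac-sha2-256"]
    for label, kex in (("without strict KEX", ["curve25519-sha256"]),
                       ("with strict KEX", ["curve25519-sha256", STRICT_KEX_SERVER])):
        print(label, terrapin_exposure(parse_kexinit(sample_kexinit(kex, enc, mac))))
```

A result of "exposed": False on a real capture only describes what the server advertises; the firmware versions in the Solutions table remain the authoritative fix.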

 

Products That Are Not Vulnerable:

Only the products listed in the Affected Products section of this advisory are known to be affected by this vulnerability.

 

Revision History:

| Version | Description | Release Date |
|---|---|---|
| 1.0 | First Release | Jun. 20, 2024 |

Relevant Products

UC-2100 Series · UC-3100 Series · UC-5100 Series · UC-8100 Series · UC-8100A-ME-T Series · UC-8100-ME-T Series · UC-8200 Series · UC-8410A Series · UC-8540 Series · UC-8580 Series
