Affected Products:
The affected products and firmware versions are shown below.
Product Series |
Affected Versions |
SDS-3008 Series |
Firmware version 2.2 and prior. |
Solutions:
Moxa has developed appropriate solutions to address the vulnerabilities by updating the jQuery version and removing weak cipher suites. The solutions for affected products are shown below.
Mitigation:
Moxa recommends users follow CISA recommendations.
- Reduce network exposure by ensuring that all control system devices and systems are not accessible from the Internet.
- Place control system networks and remote devices behind firewalls, isolating them from business networks.
- When remote access is necessary, employ secure methods such as Virtual Private Networks (VPNs). It is important to note that VPNs may have vulnerabilities and should be kept up to date with the latest available version. Remember that the security of a VPN depends on the security of its connected devices.
Products That Are Not Vulnerable:
Only the products listed in the Affected Products section of this advisory are known to be affected by these vulnerabilities. Moxa has confirmed that this vulnerability does not affect the following products:
- TN-4500A Series, TN-5500A Series
- TN-4900 Series
- PT-G503 Series, PT-7728 Series, PT-7828 Series
Revision History:
VERSION |
DESCRIPTION |
RELEASE DATE |
1.0 |
First Release |
Jun. 19, 2024 |