Security Advisories

SUMMARY

Security Enhancement: Web Application Potentially Vulnerable to Clickjacking

The remote web server does not set an X-Frame-Options response header or a Content-Security-Policy 'frame-ancestors' response header in all content responses. This could expose the site to a clickjacking or UI redress attack, in which an attacker can trick a user into clicking an area of the vulnerable page that is different than what the user perceives the page to be. This can result in a user performing fraudulent or malicious transactions. (Source: Tenable Nessus)

Since this is a medium severity issue, users can assess their environment and schedule the update during the next maintenance or update cycle.
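One way to confirm which responses still lack the headers named above, for example before and after a firmware update. This is an added example, not Moxa's or Tenable's code; the function names, paths and sample responses are constructed for illustration.

```python
# Added example: names, paths and sample responses below are assumptions.
def parse_headers(raw):
    """Return (lowercased name, value) pairs from a raw HTTP response head."""
    pairs = []
    for line in raw.strip().splitlines()[1:]:   # skip the status line
        if not line.strip():
            break                               # blank line ends the headers
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def frame_ancestors(csp_value):
    """Return the frame-ancestors source list of one CSP header, or None."""
    for directive in csp_value.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None

def framing_status(raw):
    """Classify one response: 'csp', 'xfo', 'ineffective' or 'missing'."""
    headers = parse_headers(raw)
    # Only the enforcing header counts; -Report-Only does not block framing.
    policies = [frame_ancestors(v) for n, v in headers
                if n == "content-security-policy"]
    policies = [p for p in policies if p is not None]
    if policies:
        # frame-ancestors takes precedence over X-Frame-Options when present.
        return "csp" if any("*" not in p for p in policies) else "ineffective"
    xfo = [v.upper() for n, v in headers if n == "x-frame-options"]
    if not xfo:
        return "missing"
    # ALLOW-FROM is obsolete and ignored by current browsers.
    return "xfo" if all(v in ("DENY", "SAMEORIGIN") for v in xfo) else "ineffective"

def unprotected(responses):
    """Map each path whose response can still be framed to its status."""
    statuses = {path: framing_status(raw) for path, raw in responses.items()}
    return {p: s for p, s in statuses.items() if s in ("missing", "ineffective")}

# Constructed sample responses keyed by hypothetical paths.
SAMPLE = {
    "/": "HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n",
    "/a.htm": "HTTP/1.1 200 OK\r\nContent-Security-Policy: default-src 'self'; frame-ancestors 'none'\r\n\r\n",
    "/b.htm": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
    "/c.htm": "HTTP/1.1 200 OK\r\nX-Frame-Options: ALLOW-FROM https://example.com\r\n\r\n",
    "/d.htm": "HTTP/1.1 200 OK\r\nContent-Security-Policy-Report-Only: frame-ancestors 'none'\r\n\r\n",
}
```

Because the finding applies when the header is absent from any content response, run the check over every page the web console serves, not only the landing page.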

AFFECTED PRODUCTS AND SOLUTIONS

Solutions

Moxa has developed appropriate solutions to enhance security. The solutions for the affected products are listed in the following table:

Product Series: ioLogik E1200 Series
  • (ioLogik E1210/E1210-T)
  • (ioLogik E1211/E1211-T)
  • (ioLogik E1212/E1212-T)
  • (ioLogik E1213/E1213-T)
  • (ioLogik E1214/E1214-T)
  • (ioLogik E1240/E1240-T)
  • (ioLogik E1241/E1241-T)
  • (ioLogik E1242/E1242-T)
  • (ioLogik E1260/E1260-T)
  • (ioLogik E1262/E1262-T)
Affected Versions: v3.4 and earlier
Solutions: Firmware v4.0 or later

Product Series: ioLogik E2200 Series
  • (E2210)
  • (E2212)
  • (E2214)
  • (E2240)
  • (E2242)
  • (E2260)
  • (E2262)
Affected Versions: Firmware
  • v3.13 and all versions
  • v3.14 and all versions
  • v3.12 and all versions
  • v3.12 and all versions
  • v3.12 and all versions
  • v3.13 and all versions
  • v3.12 and all versions
Solutions: Please refer to Mitigations

Mitigations

To mitigate the risk, we recommend the following actions:

  • For ioLogik E2200 Series, disable the unencrypted HTTP Web Console, use utility management methods instead, and restrict unencrypted service ports (e.g., TCP/80) through firewall rules. Please refer to The Security Hardening Guide for the ioLogik E2200 Series for more information. 
  • Refer to the General Security Recommendations section to further strengthen your security context.

 

General Security Recommendations

To safeguard devices and networks, we recommend the following measures to mitigate potential risks:

  1. Restrict Network Access
    • Use firewalls or access control lists (ACLs) to limit communication to trusted IP addresses and networks.
    • Segregate operational networks from other networks (e.g., enterprise networks) using VLANs or physical separation.
  2. Minimize Exposure
    • Avoid exposing devices directly to the Internet.
    • Disable unused network services and ports to reduce the attack surface.
  3. Enhance Device Authentication and Access Control
    • Implement multi-factor authentication (MFA) for accessing critical systems.
    • Use role-based access control (RBAC) to enforce the principle of least privilege.
  4. Regularly Update Firmware and Software
    • Keep devices updated with the latest firmware versions and security patches.
    • Establish a regular patch management schedule to address newly identified vulnerabilities.
  5. Secure Remote Access
    • Use encrypted communication protocols (e.g., VPN, SSH) for remote access.
    • Restrict remote access to authorized personnel only and enforce strong authentication mechanisms.
  6. Implement Anomaly Detection Techniques
    • Monitor network traffic and device behavior for unusual or unauthorized activities.
    • Use tools or techniques that can identify anomalies and provide alerts for potential threats.
  7. Implement Logging and Monitoring
    • Enable event logging and maintain audit trails on devices.
    • Regularly review logs for anomalies and unauthorized access attempts.
  8. Conduct Regular Security Assessments
    • Perform vulnerability assessments to identify potential risks.
    • Regularly review device configurations to ensure compliance with security policies.

 

Revision History:

VERSION | DESCRIPTION | RELEASE DATE
1.0 | First release | November 27, 2025
