Solutions
Moxa has developed appropriate solutions to address this vulnerability. The solutions for the affected products are listed in the following table:
| Product Series | Affected Versions | Solutions |
|---|---|---|
| UC Series<br>- UC-1200A Series<br>- UC-2200A Series<br>- UC-3400A Series<br>- UC-4400A Series<br>- UC-8200 Series | OS image (MIL3 Secure version)<br>- v1.4 and earlier<br>- v1.4 and earlier<br>- v1.2 and earlier<br>- v1.3 and earlier<br>- v1.5 and earlier<br>OS image (MIL4 Secure version) | Please refer to Update Instructions as the primary remediation step<br>For additional support, please contact Moxa Technical Support |
| V Series | OS image (MIL3 Secure version) | |
| V Series<br>- V3200 Series<br>- V3400 Series | OS image (MIL3 Secure version) | |
| V2406C Series | OS image (MIL2 Secure version) | Please refer to Mitigations |
Update Instructions
The following packages are required to remediate the affected systems. Select the update procedure that matches your network environment.
Packages List
| Product Series | PACKAGE NAME with VERSION |
|---|---|
| UC-1200A Series | MIL3.4.1 and before<br>MIL4.0.0<br>- linux-image-6.12.0-cip-moxa-am64x=6.12.39-cip5-moxa13-1+deb13 |
| UC-2200A Series | MIL3.4.1 and before<br>MIL4.0.0<br>- linux-image-6.12.0-cip-moxa-am64x=6.12.39-cip5-moxa13-1+deb13 |
| UC-3400A Series | MIL3.4.1 and before<br>MIL4.0.0<br>- linux-image-6.12.0-cip-moxa-am62x=6.12.39-cip5-moxa13-1+deb13<br>- ublox-m2-maya-w271-driver-6.12.0-cip-moxa=6.12.39-cip5-moxa13-1+deb13 |
| UC-4400A Series | MIL3.4.1 and before<br>MIL4.0.0<br>- linux-image-6.12.0-cip-moxa-imx8mp=6.12.39-cip5-moxa13-1+deb13 |
| UC-8200 Series | MIL3.4.1 and before |
| V1200 Series | MIL3 |
| V3200 Series | MIL3<br>- linux-image-5.10.0-cip-rt-moxa-tigerlake=5.10.234-cip57-rt25-moxa24-1+deb11<br>- wmx7205-5.10.0-moxa-tigerlake=5.10.234-cip57-rt25-moxa24-1-tigerlake+deb11 |
| V3400 Series | MIL3<br>- linux-image-5.10.0-cip-rt-moxa-tigerlake=5.10.234-cip57-rt25-moxa24-1+deb11<br>- wmx7205-5.10.0-moxa-tigerlake=5.10.234-cip57-rt25-moxa24-1-tigerlake+deb11 |
Online update procedures
sudo apt update
sudo apt install <package_name with version>
Offline update procedures
This procedure is intended for systems operating in air-gapped environments.
Prerequisites
- An internet-connected staging machine of the same product model and MIL system version as the target system.
Offline Phase 1 - Download on Staging Machine
sudo apt update
mkdir /tmp/cve-update && cd /tmp/cve-update
apt download <package_name with version>
- Transfer the downloaded .deb files to the target system via an authorized secure medium (e.g., approved USB drive) per your enterprise security policy.
Offline Phase 2 - Install on Target System
- Back up critical configuration files or take a system snapshot.
- Navigate to the directory containing the transferred .deb files and install:
cd /path/to/deb-files/
sudo dpkg -i *.deb
- Note: If dependency errors occur, ensure all required dependency packages are included.
Common Final Step: Reboot and Verify
- After installing the security patches, the system must be rebooted. Once it has rebooted, perform a version check to confirm that the update was successful.
- Run the following command for each package listed under your product series in the Packages List above:
dpkg-query -W <package_name>
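The version check above can be scripted so that every pinned package for a product series is compared in one pass. The following is an added example, not Moxa's own tooling; the function name `check_pins` and the two input files are assumptions, and the installed list in the demo is constructed sample data.

```shell
#!/bin/sh
# Added example: compare installed package versions with the advisory's pins.
#   pins file:      one "name=version" per line, copied from the Packages List
#   installed file: "name<TAB>version" lines, the default `dpkg-query -W` output

check_pins() {
    pins_file=$1
    installed_file=$2
    result=0
    while IFS= read -r pin || [ -n "$pin" ]; do
        case $pin in ''|'#'*) continue ;; esac   # skip blanks and comments
        name=${pin%%=*}
        want=${pin#*=}
        # Exact-name lookup; a ":arch" suffix on the installed name is ignored.
        have=$(awk -F '\t' -v n="$name" \
            '{ split($1, a, ":"); if (a[1] == n) { print $2; exit } }' \
            "$installed_file")
        if [ -z "$have" ]; then
            echo "MISSING  $name (want $want)"
            result=1
        elif [ "$have" = "$want" ]; then
            echo "OK       $name $have"
        else
            # Exact match only: the advisory pins one version per package.
            echo "MISMATCH $name (have $have, want $want)"
            result=1
        fi
    done < "$pins_file"
    return "$result"
}

# Constructed demo: pins from the UC-3400A / MIL4.0.0 row; the installed list
# is sample data in which the kernel was updated but the driver was not installed.
demo_dir=$(mktemp -d)
printf '%s\n' \
    'linux-image-6.12.0-cip-moxa-am62x=6.12.39-cip5-moxa13-1+deb13' \
    'ublox-m2-maya-w271-driver-6.12.0-cip-moxa=6.12.39-cip5-moxa13-1+deb13' \
    > "$demo_dir/pins"
printf 'linux-image-6.12.0-cip-moxa-am62x\t6.12.39-cip5-moxa13-1+deb13\n' \
    > "$demo_dir/installed"
check_pins "$demo_dir/pins" "$demo_dir/installed" || echo "update incomplete"
rm -rf "$demo_dir"
```

On a device, produce the installed file after the reboot with `dpkg-query -W > installed.txt` and pass it as the second argument.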
Mitigations
For users who cannot guarantee physical access control and who may not be able to perform the update, we recommend the following mitigation measures as an alternative to reduce the risk associated with the vulnerability.
- Refer to the General Security Recommendations section to further strengthen your security context.
General Security Recommendations
To safeguard devices and networks, we recommend the following measures to mitigate potential risks:
- Restrict Network Access
  - Use firewalls or access control lists (ACLs) to limit communication to trusted IP addresses and networks.
  - Segregate operational networks from other networks (e.g., enterprise networks) using VLANs or physical separation.
- Minimize Exposure
  - Avoid exposing devices directly to the Internet.
  - Disable unused network services and ports to reduce the attack surface.
- Enhance Device Authentication and Access Control
  - Implement multi-factor authentication (MFA) for accessing critical systems.
  - Use role-based access control (RBAC) to enforce the principle of least privilege.
  - Prohibit the use of weak passwords and enforce a password policy that includes password complexity requirements, periodic password changes, and restrictions on password reuse.
- Regularly Update Firmware and Software
  - Keep devices updated with the latest firmware versions and security patches.
  - Establish a regular patch management schedule to address newly identified vulnerabilities.
- Secure Remote Access
  - Use encrypted communication protocols (e.g., VPN, SSH) for remote access.
  - Restrict remote access to authorized personnel only and enforce strong authentication mechanisms.
- Implement Anomaly Detection Techniques
  - Monitor network traffic and device behavior for unusual or unauthorized activities.
  - Use tools or techniques that can identify anomalies and provide alerts for potential threats.
- Implement Logging and Monitoring
  - Enable event logging and maintain audit trails on devices.
  - Regularly review logs for anomalies and unauthorized access attempts.
- Conduct Regular Security Assessments
  - Perform vulnerability assessments to identify potential risks.
  - Regularly review device configurations to ensure compliance with security policies.
Acknowledgement
We would like to express our gratitude to Cyloq for reporting the vulnerability, collaborating with us to enhance the security of our products, and contributing to our efforts to deliver better service to our customers.
Revision History:
| VERSION | DESCRIPTION | RELEASE DATE |
|---|---|---|
| 1.0 | First release | June 12, 2026 |