SUMMARY

NPort 6000 Series and Utility Improper Certificate Validation Vulnerabilities

The following two vulnerabilities affect the NPort 6000 Series and Windows driver manager. An attacker may perform a person-in-the-middle attack and eavesdrop on the secure connection between the NPort 6000 Series and the Windows driver manager. 

CVE-2022-43993 

The Windows driver manager software does not perform any certificate verification. 

CVE-2022-43994 

There is no client certificate verification/authentication performed on the secure connection. 

The identified vulnerability types and potential impacts are shown below:

| Item | Vulnerability Type | Impact |
|---|---|---|
| 1 | Improper Certificate Validation (CWE-295), CVE-2022-43993 | The Windows driver manager software does not perform any certificate verification. An attacker may execute a person-in-the-middle attack and eavesdrop on the secure connection between the NPort 6000 Series and the Windows driver manager. |
| 2 | Improper Certificate Validation (CWE-295), CVE-2022-43994 | There is no client certificate verification/authentication performed on the secure connection. An attacker may perform a person-in-the-middle attack and eavesdrop on the secure connection between the NPort 6000 Series and the Windows driver manager. |

AFFECTED PRODUCTS AND SOLUTIONS

Affected Products:

The affected products and firmware versions are shown below.

| Product Series | Affected Versions |
|---|---|
| NPort 6000 Series | Firmware version 2.2 or lower. |
| Windows Driver Manager Series (Windows 7 to 10 and Windows Server 2008 R2 to 2019, WHQL certified) | Software version 3.4 or lower. |
| Windows Driver Manager Series (Windows 11 and Server 2022 and later, WHQL certified) | Software version 4.0 or lower. |

 

Solutions:

Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.

| Product Series | Solutions |
|---|---|
| NPort 6000 Series | Please contact Moxa Technical Support for the security patch. |
| Windows Driver Manager Series (Windows 7 to 10 and Windows Server 2008 R2 to 2019, WHQL certified) | Please upgrade to firmware v3.5 or higher. |
| Windows Driver Manager Series (Windows 11 and Server 2022 and later, WHQL certified) | Please upgrade to firmware v4.1 or higher. |
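
The affected-version and solution tables above can be turned into an inventory triage check. This is an added example, not code from Moxa; the product labels, host names and sample versions are constructed, and comparing only major.minor is an assumption.

```python
import re

# Last affected version and remedy, transcribed from the advisory tables.
# The dictionary keys are hypothetical inventory labels chosen for this example.
ADVISORY = {
    "nport6000-firmware": ((2, 2), "contact Moxa Technical Support for the security patch"),
    "driver-manager-win7-10": ((3, 4), "upgrade to v3.5 or higher"),
    "driver-manager-win11": ((4, 0), "upgrade to v4.1 or higher"),
}

def parse_version(text):
    """Return (major, minor) from '2.2', 'v3.4' or '4.0.1'; None if unparseable."""
    match = re.match(r"\s*[vV]?(\d+)\.(\d+)", text or "")
    return (int(match.group(1)), int(match.group(2))) if match else None

def triage(product, version):
    """Return (status, action); status is 'affected', 'not-affected' or 'review'."""
    if product not in ADVISORY:
        return ("review", "product is not listed in the advisory tables")
    parsed = parse_version(version)
    if parsed is None:
        # Never report an unknown version as safe; send it to a human.
        return ("review", "version string could not be parsed")
    last_affected, remedy = ADVISORY[product]
    # Assumption: only major.minor is compared, so 2.2.x counts as "2.2 or lower".
    # Tuples compare numerically, so 3.10 is correctly newer than 3.4.
    if parsed <= last_affected:
        return ("affected", remedy)
    return ("not-affected", "")

def triage_inventory(rows):
    """rows: iterable of (host, product, version) -> list of 5-tuples."""
    return [(h, p, v) + triage(p, v) for h, p, v in rows]

# Constructed sample inventory; host names and versions are made up.
SAMPLE = [
    ("plc-gw-01", "nport6000-firmware", "1.21"),
    ("plc-gw-02", "nport6000-firmware", "2.2"),
    ("eng-ws-07", "driver-manager-win7-10", "v3.4"),
    ("eng-ws-09", "driver-manager-win7-10", "3.5"),
    ("eng-ws-12", "driver-manager-win11", "4.0.2"),
    ("eng-ws-15", "driver-manager-win11", "unknown"),
]

if __name__ == "__main__":
    for row in triage_inventory(SAMPLE):
        print("\t".join(row))
```

The advisory does not say whether the NPort security patch changes the reported firmware version, so NPort entries flagged as affected should be confirmed against patch records.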

 

Acknowledgment:

We would like to express our appreciation to Reid Wightman from Dragos for reporting the vulnerability, working with us to help enhance the security of our products, and helping us provide a better service to our customers. 

 

Revision History:

| Version | Description | Release Date |
|---|---|---|
| 1.0 | First Release | March 14, 2023 |

Relevant Products

NPort 6100/6200 Series · NPort 6400/6600 Series
