The affected products and firmware versions are shown below.
||Firmware Version 1.2 or lower.
||Firmware Version 1.3 or lower.
Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.
|For item 1: Users can disable the HTTP console and enable HTTPs by device configuration.
For items 2 to 5: Users can disable the Moxa Service console by configuring the device.
For item 6: Please contact Moxa Technical Support for a security patch
For item 7: We recommend users download firmware from Moxa.com or another trusted source. We also provide SHA-512 checksum for firmware integrity check.
We would like to express our appreciation to Jake Baines from Dragos for reporting the vulnerability, working with us to help enhance the security of our products, and helping us provide a better service to our customers
||Dec 30, 2021