Affected Products:
The affected products and firmware versions are shown below.
Product Series |
Affected Versions |
MGate 5105-MB-EIP Series |
Firmware Version 4.2 or lower |
Solutions:
Moxa has developed an appropriate solution to address the vulnerabilities. The solution for affected products is shown below.
Product Series |
Solutions |
MGate 5105-MB-EIP Series |
- Please contact Moxa's Technical Support Team to get and install the related security patch.
- Disable “Moxa Command” under Console Settings.
- If you need to enable “Moxa Command”, we recommend enabling the security features below:
- Enable “Apply additional restrictions” to prevent unauthorized computer accessing the MGate 5105-MB-EIP
- Add your computer’s IP address to the IP allowlist.
|
Acknowledgment:
We would like to express our appreciation to Philippe Lin, Marco Balduzzi, Luca Bongiorni, Ryan Flores, Charles Perine, and Rainer Vosseler who worked with Trend Micro’s Zero Day Initiative to report the vulnerabilities, and also helped us enhance the security of our products and provide a better service to our customers.
Revision History:
VERSION |
DESCRIPTION |
RELEASE DATE |
1.0 |
First Release. |
Jul 10, 2020 |
1.1 |
Added information directing users to get the related security patch from Moxa’s Technical Support Team. |
Jul 31, 2020 |