Product Support

Security Advisories

SUMMARY

NPort 5600 Series Serial Device Servers Vulnerabilities

  • Version: 1.0
  • Release Date: Aug 12, 2019

Two product vulnerabilities were identified in Moxa’s NPort 5600 Series Serial Device Servers. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item Vulnerability Type Impact
1 Authentication Bypass An attacker can bypass authentication and gain access to device functions.
2 Insufficient Validation An attacker can upload unauthorized firmware after gaining access to a device.
AFFECTED PRODUCTS AND SOLUTIONS

Affected Products:

The affected products and firmware versions are shown below.

oduct Series Affected Versions
NPort 5600 Series Firmware Version 3.8 or lower

 

Solutions:

Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.

Product Series Solutions
NPort 5600 Series 1. Please download the new firmware/software here.
2. Set web configuration as HTTPS after installing the new firmware.

 

Acknowledgment:

We would like to express our appreciation to Jason Larsen from Security Consultant Firm, IOActive, for reporting the vulnerability, working with us to help enhance the security of our products, and helping us provide a better service to our customers.

 

Revision History:

VERSION DESCRIPTION RELEASE DATE
1.0 First Release Aug 12, 2019

Relevant Products

NPort 5600 Series ·

  •   Print this page
  • You can manage and share your saved list in My Moxa
Let’s get that fixed

If you are concerned about a potential cybersecurity vulnerability, please contact us and one of technical support staff will get in touch with you.

Report a Vulnerability
Added To Bag