
Technical FAQs
Question: Moxa’s Statement in Response to Sentryo’s Technical Assessment of the Security Vulnerabilities in Moxa’s EDS-G512E Switch
Question Type: Security Advisory
Updated: 5/31/2018 4:09:10 PM
Products: EDS-G508E/EDS-G512E/EDS-G516E Series, EDS-G512E-8PoE Series
Suggestions

Background

On Nov. 9th, 2017, the cybersecurity solution vendor Sentryo published a technical assessment report detailing multiple security vulnerabilities in Moxa’s EDS-G512E Switch (https://www.sentryo.net/sentryo-analysis-industrial-ethernet-switch/).

The security vulnerabilities of Moxa’s EDS-G512E Switch are shown in the table below:

| Item | Vulnerability Type | Impact |
|---|---|---|
| 1 | Denial of Service | An attacker could remotely manipulate the session ID and disrupt the network communications of Moxa's switch. |
| 2 | Cookie Management | Cookies are not secured against being reused. |
| 3 | Cross-Site Scripting Attack | An attacker could use these flaws to insert malicious code into users' browsers or onto the switch. |

Moxa’s Cyber Security Response Team is fully engaged in this matter and we are taking appropriate action. Our team has been working closely to replicate the reported issues, perform a detailed investigation, and responsibly support mitigation and remediation activities.

Affected Products and Solutions

In addition to the models reported by Sentryo, we also discovered the same vulnerability in other products. The products and patch plan are shown in the table below.

Product Series Affected Firmware Update Release Date
EDS-G508E Series
EDS-G512E Series
EDS-G512E-8PoE Series
EDS-G516E Series

Moxa has addressed these vulnerabilities in a new firmware release for the affected products. You can download it from this link:
https://www.moxa.com/support/download.aspx?type=support&id=3503

Revision History:

| Version | Description | Release Date |
|---|---|---|
| 1.0 | First release | January 3rd, 2018 |
| 1.1 | Update patch firmware link | May 31st, 2018 |