Hi! Please sign in Home >  Support > Technical FAQs

Technical FAQs
Question Moxa’s Statement in Response to Sentryo’s Technical Assessment of the Security Vulnerabilities in Moxa’s EDS-G512E Switch
Question Type Security Advisory
Updated 1/3/2018 7:51:13 PM
Hits 1
Products EDS-G508E/EDS-G512E/EDS-G516E Series,EDS-G512E-8PoE Series


On Nov. 9th 2017, a cybersecurity solution vendor, Sentryo, published a technical assessment report that details multiple security vulnerabilities in Moxa’s EDS-G512E Switch. (https://www.sentryo.net/sentryo-analysis-industrial-ethernet-switch/)

The security vulnerabilities of Moxa’s EDS-G512E Switch are shown in the table below:

Item Vulnerability Type Impact
1 Denial of Service An attacker could remotely manipulate the session ID and disrupt the network communications of Moxa's switch.
2 Cookie Management Cookies are not secured against being reused.
3 Cross-Site Scripting Attack An attacker could use these flaws to insert a malicious code on to the users’ browser or on to the switch.

Moxa’s Cyber Security Response Team is fully engaged in this matter and we are taking appropriate action. Our team has been working closely to replicate the reported issues, perform a detailed investigation, and responsibly support mitigation and remediation activities.

Affected Products and Solutions

In addition to the models reported by Sentryo, we also discovered the same vulnerability in other products. The products and patch plan are shown in the table below.


Product Series Affected Firmware Update Release Date Notes
EDS-G508E series
EDS-G512E series
EDS-G512E-8PoE series
EDS-G516E series
2018. Q3 Beta patch firmware is available now by request

Please contact Moxa Technical Support to get the temporary beta firmware.


V1.0  Moxa Security Advisory Published

Related Questions
Provide Feedback
Quality of this article
Poor                Excellent