
Technical FAQs
Question: Moxa’s Statement on Meltdown and Spectre Vulnerability
Question Type: Security Advisory
Updated: 1/25/2018 2:03:25 PM

Background

In January 2018, researchers announced vulnerabilities that abuse the implementation of speculative execution of instructions on microprocessor architectures to perform side-channel information disclosure attacks.

  • CVE-2017-5753 (Spectre)
  • CVE-2017-5715 (Spectre)
  • CVE-2017-5754 (Meltdown)

The vulnerabilities could allow an attacker to read information held in the microprocessor or in memory allocated to the operating system kernel.

To take advantage of these vulnerabilities, the attacker must be able to run malicious custom code on a device. The vast majority of Moxa's products are not vulnerable since they operate on closed systems that do not allow custom code to be run on the devices.

Moxa's devices that use a computer platform which includes microprocessors that could be targeted may be considered vulnerable even if they are not directly affected by the vulnerabilities. Vendors of microprocessors and operating systems are releasing updates that help mitigate these vulnerabilities. Moxa will also release updates for these products based on the vendors' suggestions.

Moxa's Cyber-Security Response Team (CSRT) is fully engaged in this matter and we are taking appropriate action. If there are any updates to the status of the vulnerabilities or how these affect Moxa's products, we will provide an update immediately.

Affected Products and Solutions

The table below lists the Moxa models that are affected, the mitigation plan, and the release date of their patch. You can contact Moxa's technical support, who will send the patch as soon as it is available.

As the investigation is ongoing, please continue to check Moxa's security advisory or subscribe to the Moxa Security Advisory RSS feed.

[Update Jan. 25] The microprocessor vendor, Intel, has updated the release date for its patch solution, as the patch may cause rebooting issues on Broadwell and Haswell platforms. Currently, Moxa's potentially affected products do not use these two platforms. However, Intel has postponed the release of the patch for all platforms in order to address this issue. The updated schedule for releasing the patch SOP for Windows will be provided after Intel has rectified this issue.

Product Category: Industrial Computing

Affected Product Model Series:

  • V2201 Series
  • V2403 Series
  • V2406A Series
  • V2416A Series
  • V2426A Series
  • V2616A Series
  • MC-1100 Series
  • MC-7200 Series
  • DA-680A Series
  • DA-720 Series
  • DA-820 Series
  • MPC-2070 Series
  • MPC-2150 Series
  • MPC-2190 Series
  • MPC-2240 Series
  • MPC-2260 Series
  • EXPC-1519 Series
  • UC-8100 Series
  • UC-8100-ME-T Series

Mitigation Suggestion:

January 19, 2018: Release an SOP to update the fixed patch for Linux for the following models:

V2201 Series, V2403 Series, V2406A Series,
V2416A Series, V2426A Series, V2616A Series,
MC-1100 Series, DA-680A Series, DA-720 Series, DA-820 Series

Moxa is cooperating with the microprocessor vendor to provide a mitigation patch for Windows.
We will provide an SOP as soon as it is ready for the following models:

V2201 Series, V2403 Series, V2406A Series, V2416A Series,
V2426A Series, V2616A Series, MC-1100 Series, MC-7200 Series,
DA-680A Series, DA-720 Series, DA-820 Series, MPC-2070 Series,
MPC-2150 Series, MPC-2190 Series, MPC-2240 Series,
MPC-2260 Series, EXPC-1519 Series

Moxa is cooperating with the microprocessor vendor to provide a mitigation patch.
We will provide an SOP as soon as it is ready for the following models:

UC-8100 Series,
UC-8100-ME-T Series

Release History

Version   Description     Released Date
1.0       First release   January 16, 2018
1.1       Status update   January 25, 2018
