Hi! Please sign in Home >  Support > Technical FAQs

Technical FAQs
Question Intel Management Engine Vulnerability in Moxa Products
Question Type
Updated 8/9/2018 7:21:03 PM
Hits 1
Products
Suggestions

Summary

Version: 1.0
Reference:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00075.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00086.html

In May 2017, researchers announced a vulnerability whereby an attacker who should not have access to a network could gain system privileges to provision Intel manageability SKUs and a local attacker could then provision manageability features to gain network or local system privileges on Intel manageability SKUs.
* CVE-2017-5689

In the second half of 2017, researchers identified multiple vulnerabilities that are related to the Intel Management Engine.
* CVE-2017-5705
* CVE-2017-5708
* CVE-2017-5711
* CVE-2017-5712

In response to these vulnerabilities, Intel released a patch management engine firmware for all its platforms. Moxa has identified which of our products have been affected and issued a firmware upgrade. Any products that are not listed will not be affected by the aforementioned vulnerabilities. We recommend that people who have purchased the affected products get assistance through Moxa Global Customer Service and update to the latest BIOS.

Affected Products and Solutions

The table below shows the list of models that have been affected and the release date of their patch. You can contact Moxa's technical support who will send it to you as soon as it is available. As the investigation is on-going, please continue to check Moxa's security advisory or subscribe to our Security Advisory RSS feed to make sure you have all the latest security information regarding our products.

Product Category Affected Product Model Series Mitigation Suggestion
Industrial Computing DA-820 Series
MC-7200-DC-CP Series
MC-7200-MP Series
EXPC-1519 Series
DA-720 Series
Upgrade to the latest BIOS which includes the patched Intel Management Engine Firmware.
Model Patch BIOS Version
DA-820 Series V1.10S03
MC-7200-DC-CP Series V1.20S01
MC-7200-MP Series V1.30S01
EXPC-1519 Series V1.20S02
DA-720 Series V1.30S00

 

Revision History:

Version Description Release Date
1.0 First release August 9, 2018

 

Related Questions
Provide Feedback
Quality of this article
Poor                Excellent