Hi! Please sign in Home >  Support > Technical FAQs

Technical FAQs
Question Moxa statement on Shellshock
Question Type Security Advisory
Updated 9/5/2017 12:17:58 PM
Hits 1
Products
Suggestions

Moxa has verified that some of its products are impacted by the GNU Bourne-Again Shell (Bash) vulnerability (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE 2014-6278). Also known as “Shellshock,” this vulnerability could allow an attacker to remotely execute shell commands by attaching malicious code in environment variables used by the operating system.

Moxa treats network security as a top priority as part of critical industrial infrastructure. For advice on possible security risks please see the following solutions, or directly contact our technical support team. To date, we have identified that the vulnerability is confined to Moxa’s Linux-based embedded computers.

Products that have been verified as not impacted by this vulnerability include:

Category Product Series

Industrial Ethernet

EDS series, IKS series, ICS series, EDR series, PT series, TN series, IEX series, EOM series

Industrial Wireless

AWK series, OnCell series

Serial Connectivity

NPort series, MGate series, MiiNePort series, NE series

Remote Automation

ioPAC series, ioLogik series

Industrial Computing

EM1220-LX, EM1240-LX, UC7110-LX, UC7112-LX

IP Surveillance

VPort series

Software

MXconfig, MXview, N-Snap, MXstudio

 

Products that have been verified as impacted by this vulnerability include:

Category Product Series

Industrial Computing

DA-660 series, DA-681-LX series, DA-682-LX series, DA-682A-LX series, DA-683-LX series, DA-685-LX series, DA-710-LX series, TC-6110-LX series, V2101-LX series, V2400-LX series, V2616-LX series, V2616A-LX series, UC-8400-LX series, UC-8100-LX series, UC-7112-LX plus series, W321-LX series, W341-LX series, W315A-LX series, W325A-LX series, W406-LX series, IA3341-LX series, IA260-LX series, IA261-LX series, IA262-LX series, IA240-LX series, EM-2260-LX series

 

The solutions for the impacted products are as follows:

Product Series Solution

x86-based product:
(Phase I for Debian 7)

  1. DA-682A-LX series
  2. TC-6110-LX series
  3. V2616A-LX series

For vulnerable x86-based products that have already been released, Moxa will provide product patches and a FAQ to help customers who need a solution to fix this issue. The release date of the x86-based product patches and FAQ will be Oct 31st, 2014.

x86-based product:
(Phase II for Debian 5)

  1. DA-681-LX series
  2. DA-682-LX series
  3. DA-683-LX series
  4. DA-685-LX series
  5. DA-710-LX series
  6. V2101-LX series
  7. V2400-LX series
  8. V2616-LX series

For vulnerable x86-based products that have already been released, Moxa will provide product patches and a FAQ to help customers who need a solution to fix this issue. The release date of the x86-based product patches and FAQ will be November 14th, 2014.

RISC-based products:

  1. UC-8400-LX series
  2. UC-8100-LX series
  3. UC-7112-LX plus series
  4. W321-LX, W341-LX series
  5. W315A-LX, W325A-LX series
  6. W406-LX series
  7. IA3341-LX series
  8. IA260-LX, IA261-LX, IA262-LX series
  9. IA240-LX series
  10. EM-2260-LX series
  11. DA-660 Series

For vulnerable RISC-based products that have already been released, Moxa will provide product patches and a FAQ to help customers who need a solution to fix this issue. The release date of RISC-based product patches and FAQ will be November 14th, 2014.

 

October 7th 2014

Related Questions
Provide Feedback
Quality of this article
Poor                Excellent