Security Advisory: Multiple Vulnerabilities in Moxa Products

The French Computer Emergency Response Team (CERT-FR) has issued a security advisory regarding multiple vulnerabilities in products manufactured by Moxa, a leading provider of industrial networking solutions.

Document Management:

• Reference: CERTFR-2013-AVI-0901
• Title: [SCADA] Multiple Vulnerabilities in Moxa Products
• First Version Date: November 2, 2023
• Last Version Date: November 2, 2023
• Sources: Moxa Security Bulletin MPSA-234880 dated November 1, 2023, Moxa Security Bulletin MPSA-232905 dated November 1, 2023
• Attachments: None

Risks: The identified vulnerabilities pose the following risks:

1. Remote Denial of Service
2. Security Policy Bypass

Affected Systems: The vulnerabilities impact various product series and versions, including:

• EDR-810 series versions earlier than v5.12.29
• EDR-G902 series versions earlier than v5.7.21
• EDR-G903 series versions earlier than v5.7.21
• NPort 6000 series versions earlier than v2.0

Summary: Multiple vulnerabilities have been discovered in Moxa products, enabling attackers to remotely trigger denial of service and bypass security policies.

Solution: Users are advised to refer to the security bulletins provided by Moxa for obtaining the necessary patches. Detailed information and patches can be obtained from Moxa’s official security advisory channels.

Users and administrators are strongly encouraged to apply the recommended patches promptly to mitigate the identified vulnerabilities and enhance the security of their Moxa devices.

https://www.cert.ssi.gouv.fr/avis/CERTFR-2023-AVI-0901/