Affected Products:
The affected products and firmware versions are shown below.
Product Series |
Affected Versions |
NPort 6000 Series |
Firmware version v1.21 and prior versions
|
Solutions:
Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.
Product Series |
Solutions |
NPort 6000 Series |
Please upgrade to firmware v2.0 or later. |
Mitigation
For the users still using version v1.x, refer to the
Hardening Guide on Moxa’s website to:
Moxa recommends users follow CISA recommendations.
-
Reduce network exposure by ensuring that all control system devices and systems are not accessible from the Internet.
-
Place control system networks and remote devices behind firewalls, isolating them from business networks.
-
When remote access is necessary, employ secure methods such as Virtual Private Networks (VPNs). It is important to note that VPNs may have vulnerabilities and should be kept up to date with the latest available version. Remember that the security of a VPN depends on the security of its connected devices.
Acknowledgment:
We would like to express our appreciation to Pasha Kravtsov and Nathan Nye from True Anomaly (trueanomaly.space) for reporting the vulnerability, working with us to help enhance the security of our products, and helping us provide a better service to our customers.
Revision History:
VERSION |
DESCRIPTION |
RELEASE DATE |
1.0 |
First Release |
Nov. 1, 2023 |