As of June 15, 2022, this site no longer supports Internet Explorer. Please use another browser for the best experience on our site.

Product support

Security Advisories

SUMMARY

Multiple Moxa Product Series Affected by Linux Kernel Memory Double Free Vulnerability

  • Security Advisory ID: MPSA-249807
  • Version: V1.2
  • Release Date: Jul 10, 2024
  • Reference:

Multiple Moxa product series are affected by the Linux kernel memory double free vulnerability. A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component could be exploited to achieve a system crash and local privilege escalation.

The identified vulnerability types and potential impacts are shown below:

Item Vulnerability Type Impact
1

Use After Free (CWE-416)

CVE-2024-1086

An attacker could exploit the vulnerability to achieve local privilege escalation or cause a system crash

Vulnerability Scoring Details 

ID
CVSS
Vector
Unauthenticated Remote Exploit
CVE-2024-1086

7.8

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H No
AFFECTED PRODUCTS AND SOLUTIONS

Affected Products:

The affected products and firmware versions are shown below.

Product Series Affected Versions
ioThinx 4530 Series Firmware version 2.0 and prior versions
ioPAC 8600 Series Firmware version 2.1 and prior versions
EDS-4000 Series Firmware version 3.2 and prior versions
EDS-G4000 Series Firmware version 3.2 and prior versions
EDR-G9010 Series Firmware version 3.12.1 and prior versions
EDR-8010 Series Firmware version 3.12.1 and prior versions
NAT-102 Series Firmware version 1.0.5 and prior versions
OnCell G4302-LTE4 Series Firmware version 3.9.0 and prior versions
MXsecurity Firmware version 2.0 and prior versions
UC-1200A Series Firmware version 1.1 and prior versions
UC-2200A Series Firmware version 1.1 and prior versions
UC-2100 Series Firmware version 1.14 and prior versions
UC-3100 Series Firmware version 1.8 and prior versions
UC-5100 Series Firmware version 1.6 and prior versions
UC-8100 Series Firmware version 3.7 and prior versions
UC-8100-ME Series Firmware version 3.3 and prior versions
UC-8100A-ME-T Series Firmware version 1.7 and prior versions
UC-8200 Series Firmware version 1.7 and prior versions
UC-8410A Series Firmware version 4.3.2 and prior versions
UC-8540 Series Firmware version 2.3 and prior versions
UC-8580 Series Firmware version 2.3 and prior versions
V2406C Series Firmware version 1.3 and prior versions
V2201 Series Firmware version 2.1 and prior versions
V2403C Series Firmware version 1.1 and prior versions
DA-820C Series Firmware version 1.2 and prior versions
DA-682C Series Firmware version 1.3 and prior versions
DA-681C Series Firmware version 1.2 and prior versions
DA-681A Series Firmware version 1.0 and prior versions
DA-720 Series Firmware version 1.0 and prior versions
MC-1100 Series Firmware version 2.0 and prior versions
MC-7400 Series Firmware version 1.0 and prior versions
MPC-2070 Series Firmware version 1.0 and prior versions
MPC-2101 Series Firmware version 1.0 and prior versions
MPC-2120 Series Firmware version 1.0 and prior versions
MPC-2121 Series Firmware version 1.0 and prior versions
MPC-2190 Series Firmware version 1.0 and prior versions
MPC-2240 Series Firmware version 1.0 and prior versions
EXPC-1519 Series Firmware version 1.0 and prior versions
MPC-2150 Series Firmware version 1.0 and prior versions
BXP-C100 Series Firmware version 1.0 and prior versions
DRP-C100 Series Firmware version 1.0 and prior versions
DRP-A100 Series Firmware version 1.0 and prior versions
TN-4900 Series Firmware version 3.6 and prior versions
AIG-301 Series Firmware version 1.5.1 and prior versions
AIG-302 Series Firmware version 1.0 and prior versions

 

Solutions:

Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.

Product Series Solutions
ioThinx 4530 Series Please contact Moxa Technical Support for the security patch.
ioPAC 8600 Series Please contact Moxa Technical Support for the security patch.
EDS-4000 Series Please upgrade to firmware v4.1 or later.
EDS-G4000 Series Please upgrade to firmware v4.1 or later.
EDR-G9010 Series Please upgrade to firmware v3.13 or later.
EDR-8010 Series Please upgrade to firmware v3.13 or later.
NAT-102 Series Please contact Moxa Technical Support for a security patch.
OnCell G4302-LTE4 Series Please upgrade to firmware v3.13.0 or later.
MXsecurity Please upgrade to firmware v2.1.0 or later.
UC-1200A Series Please see mitigation.
UC-2200A Series Please see mitigation.
UC-2100 Series Please contact Moxa Technical Support for the security patch.
UC-3100 Series Please contact Moxa Technical Support for the security patch.
UC-5100 Series Please contact Moxa Technical Support for the security patch.
UC-8100 Series Please contact Moxa Technical Support for the security patch.
UC-8100-ME Series Please contact Moxa Technical Support for the security patch.
UC-8100A-ME-T Series Please contact Moxa Technical Support for the security patch.
UC-8200 Series Please contact Moxa Technical Support for the security patch.
UC-8410A Series Please contact Moxa Technical Support for the security patch.
UC-8540 Series Please contact Moxa Technical Support for the security patch.
UC-8580 Series Please contact Moxa Technical Support for the security patch.
V2406C Series Please see mitigation.
V2201 Series Please see mitigation.
V2403C Series Please see mitigation.
DA-820C Series Please see mitigation.
DA-682C Series Please see mitigation.
DA-681C Series Please see mitigation.
DA-681A Series Please see mitigation.
DA-720 Series Please see mitigation.
MC-1100 Series Please see mitigation.
MC-7400 Series Please see mitigation.
MPC-2070 Series Please see mitigation.
MPC-2101 Series Please see mitigation.
MPC-2120 Series Please see mitigation.
MPC-2121 Series Please see mitigation.
MPC-2190 Series Please see mitigation.
MPC-2240 Series Please see mitigation.
EXPC-1519 Series Please see mitigation.
MPC-2150 Series Please see mitigation.
BXP-C100 Series Please see mitigation.
DRP-C100 Series Please see mitigation.
DRP-A100 Series Please see mitigation.
TN-4900 Series Please upgrade to firmware v3.13 or later.
AIG-301 Series Please contact Moxa Technical Support for the security patch.
AIG-302 Series Please contact Moxa Technical Support for the security patch.

 

Mitigation:

  • Minimize network exposure to ensure the device is not accessible from the Internet.
  • When remote access is required, use secure methods, such as Virtual Private Networks (VPNs).
  • Locate control system networks and remote devices behind firewalls and isolate them from business networks.

 

Supplementary Information:

The Moxa secure router series features protection through defense-in-depth software design. Currently, this vulnerability remains inaccessible to authorized users. Even if a third-party package defect occurs within Moxa Secure Router systems, there is no clear evidence of immediate impacts on OT system operations. The product team is working on the solution to eliminate the third-party package defect. Moxa advises users to implement the recommended mitigations to minimize the risk of exploitation. The mitigations provided are designed to reduce the vulnerability's impact and protect the integrity of the system.

 

Revision History:

VERSION DESCRIPTION RELEASE DATE
1.0 First Release Jul 10, 2024
1.1 Update solutions for UC-1200A Series, UC-2200A Series, V2406C Series, V2201 Series, V2403C Series, DA Series, MC Series, MPC Series, EXPC-1519 Series, BXP-C100 Series, DRP Series  Oct 8, 2024
1.2 Update EDR-8010 Series, EDR-G9010 Series, NAT-102 Series, OnCell G4302-LTE4 Series, and TN-4900 Series in Affected Products and Solutions section October 21, 2024

Relevant Products

AIG-301 Series · AIG-302 Series · BXP-C100 Series · DA-681A Series · DA-681C Series · DA-682C Series · DA-720 Series · DA-820C Series · DRP-A100 Series · DRP-C100 Series · EDR-8010 Series · EDR-G9010 Series · EDS-4008 Series · EDS-4009 Series · EDS-4012 Series · EDS-4014 Series · EDS-G4008 Series · EDS-G4012 Series · EDS-G4014 Series · EXPC-1519 Series · ioPAC 8600 Series · ioThinx 4530 Series · MC-1100 Series · MC-7400 Series · MPC-2070 Series · MPC-2101 Series · MPC-2120 Series · MPC-2121 Series · MPC-2150 Series · MPC-2190 Series · MPC-2240 Series · MXsecurity Series · NAT-102 Series · OnCell G4302-LTE4 Series · TN-4900 Series · UC-1200A Series · UC-2100 Series · UC-2200A Series · UC-3100 Series · UC-5100 Series · UC-8100 Series · UC-8100A-ME-T Series · UC-8100-ME-T Series · UC-8200 Series · UC-8410A Series · UC-8540 Series · UC-8580 Series · V2201 Series · V2403C Series · V2406C Series ·

  •   Print this page
  • You can manage and share your saved list in My Moxa
Let’s get that fixed

If you are concerned about a potential cybersecurity vulnerability, please contact us and one of technical support staff will get in touch with you.

Report a Vulnerability
Added To Bag
You have some items waiting in your bag; click here to finish your quote!
Feedback