Affected Products:
The affected products and firmware versions are shown below.
Product Series |
Affected Versions |
OnCell G3150A-LTE Series |
Firmware version v1.3 and prior versions |
Solutions:
Moxa has developed appropriate solutions to address the vulnerabilities (CVE-2004-2761, CVE-2013-2566, CVE-2016-2183), implementing the following security enhancements:
Product Series |
Solutions |
OnCell G3150A-LTE Series |
Please contact Moxa Technical Support for the security patch. |
Mitigation
Since Oncell G3150A-LTE has been phased out, we don’t have any plans to address CVE 2023-6093 and CVE-2023-6094. We recommend that users follow the mitigation measures below to deploy the product in an appropriate product security context.
Moxa recommends users to implement the following mitigations if necessary:
-
Reduce network exposure by ensuring that all control system devices and systems are not accessible from the Internet.
-
Place control system networks and remote devices behind firewalls, isolating them from business networks.
-
When remote access is necessary, employ secure methods such as Virtual Private Networks (VPNs). It is important to note that VPNs may have vulnerabilities and should be kept up to date with the latest available version. Remember that the security of a VPN depends on the security of its connected devices.
Revision History:
VERSION |
DESCRIPTION |
RELEASE DATE |
1.0 |
First Release |
Dec 29, 2022 |