Moxa ioLogik Multiple Vulnerabilities

Number: AV16-161
Date: 06 October 2016

Purpose

The purpose of this advisory is to bring attention to multiple vulnerabilities in the Moxa ioLogik series of Ethernet remote I/O devices.

Assessment

Successful exploitation of this vulnerability could potentially allow an attacker to gain access to the device, change settings and data on the target device.

Versions affected: ioLogik E2210, ioLogik E2212, ioLogik E2240, ioLogik E2262, ioLogik E1262 ,ioLogik E2260, ioLogik E2242, ioLogik E2214, ioLogik E1211, ioLogik E1212, ioLogik E1241, ioLogik E1242, ioLogik E1260, ioLogik E1210, ioLogik E1214, ioLogik E1240, ioLogik E1213, ioLogik E1261W-T, ioLogik E1261H-T and ioLogik E1263H-T

Suggested Action

CCIRC recommends that system administrators test and deploy the vendor-released updates in accordance with the vendor’s documentation.

References

http://www.moxa.com/support/faq/faq_detail.aspx?id=2703

Note to Readers

In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber incidents on non-federal government systems. It does this by providing authoritative advice and support, and coordinating information sharing and incident response.

Please note, CCIRC PGP key has recently been updated.
http://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/_fl/CCIRCPublicPGPKey.txt

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: ps.communications-communications.sp@canada.ca

Date modified: