Affected Products:
The affected products and firmware versions are shown below.
| Product Series |
Affected Versions |
| EDS-4008 Series |
Firmware version v3.2 and prior versions |
| EDS-4009 Series |
Firmware version v3.2 and prior versions |
| EDS-4012 Series |
Firmware version v3.2 and prior versions |
| EDS-4014 Series |
Firmware version v3.2 and prior versions |
| EDS-G4008 Series |
Firmware version v3.2 and prior versions |
| EDS-G4012 Series |
Firmware version v3.2 and prior versions |
| EDS-G4014 Series |
Firmware version v3.2 and prior versions |
Solutions:
Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.
Mitigation:
-
Minimize network exposure to ensure the device is not accessible from the Internet.
-
When remote access is required, use secure methods, such as Virtual Private Networks (VPNs).
-
The starting point of all the above vulnerabilities is from the web service, so it is suggested to disable web service temporarily if you completed configuration to prevent further damages from these vulnerabilities until installed patch or updated firmware.
Products That Are Not Vulnerable:
Only the products listed in the Affected Products section of this advisory are known to be affected by this vulnerability. Moxa has confirmed that this vulnerability does not affect the following products:
- All EDS-2000 Series, All EDS-200 Series, All EDS-300 Series, All EDS-400 Series, All EDS-500 Series, All EDS-600 Series, All EDS-G2000 Series, All EDS-G200 Series, EDS-G308 Series, All EDS-G500 Series, EDS-P206A Series, All EDS-P500 Series
- All IKS Series
- All ICS Series
- All EOM Series
- All SDS Series
- All TN Series
Revision History:
| VERSION |
DESCRIPTION |
RELEASE DATE |
| 1.0 |
First Release |
Feb 26, 2024 |