← Back to home
ICSA-16-049-02A  ·  Published 2025-06-05  ·  View on CISA ICS-CERT ↗

AMX Multiple Products Credential Management Vulnerabilities (Update A)

CVSS 9.9 CRITICAL

CVEs (2)

Remediations

  • AMX has reported the release of standard firmware versions and Hotfix firmware versions, which mitigates vulnerability, CVE-2015-8362, in the affected products. AMX’s standard firmware releases for affected products are available for download at the following URL, with a valid account: (http://www.amx.com/techcenter/).
  • AMX’s Hotfix firmware versions are intended to mitigate vulnerability, CVE-2015-8362, until standard firmware versions are available. AMX’s Hotfix firmware versions are available through AMX Tech Support. AMX Tech Support may be reached at US 800-932-6993, International +1-469-624-8000 or by email at: (mailto:[email protected]).
  • AMX has indicated that older devices may require interim firmware updates if the currently installed firmware is older than the versions listed in the dependencies columns. For more information read the Product Release Notes or contact AMX Tech Support.
  • The credential management vulnerability, CVE-2016-1984, affects firmware Versions 1.4.65 through 1.4.72. AMX has released firmware to mitigate these vulnerabilities. The following software versions should be applied to mitigate the credential management vulnerability: AMX Enova DVX Product Line: Master 1.5.68 or newer, Switcher 1.7.54 or newer, AMX Enova DGX Product Line: Master 1.5.68 or newer, Switcher 3.2.19 or newer
  • AMX’s standard firmware releases for affected products are available for download at the following URL, with a valid account: (http://www.amx.com/techcenter/).

Affected Vendors

Harman

Affected Products (43)

Harman · NX-1200 <1.4.65
Harman · NX-2200 <1.4.65
Harman · NX-3200 <1.4.65
Harman · NX-4200 NetLinx Controller <1.4.65
Harman · Massio ControlPads MCP-10x <1.4.65
Harman · Enova DVX-x2xx <1.4.65
Harman · DVX-31xxHD-SP (-T) <4.8.331
Harman · DVX-21xxHD-SP (-T) <4.8.331
Harman · DVX-2100HD-SP-T Master <4.1.420_Hotfix_firmware
Harman · Enova DGX 100 NX Series Master <1.4.72_Hotfix_firmware
Harman · Enova DGX 8/16/32/64 NX Series Master <1.4.72_Hotfix_firmware
Harman · Enova DGX 8/16/32/64 NI Series Master <4.2.397_Hotfix_firmware
Harman · NI-700 <4.1.419
Harman · NI-900 Master Controllers (64M RAM) <4.1.419
Harman · NI-700 <3.60.456_Hotfix_firmware
Harman · NI-900 Master Controllers (32M RAM) <3.60.456_Hotfix_firmware
Harman · NI-2100 <4.1.419
Harman · NI-3100 <4.1.419
Harman · NI-4100 <4.1.419
Harman · NI-2100 with ICSNet <4.1.419
Harman · NI-3100 with ICSNet <4.1.419
Harman · NI-3100/256 <4.1.419
Harman · NI-3100/256 with ICSNet <4.1.419
Harman · NI-4100/256 <4.1.419
Harman · NI-3101-SIG Master Controller <4.1.419
Harman · NI-2000 <3.60.456_Hotfix_firmware
Harman · NI-3000 <3.60.456_Hotfix_firmware
Harman · NI-4000 <3.60.456_Hotfix_firmware
Harman · ME260/64 Duet <3.60.456_Hotfix_firmware
Harman · NX-1200 1.4.65_Hotfix_firmware
Harman · NX-1200 1.4.66_Hotfix_firmware
Harman · NX-2200 1.4.65_Hotfix_firmware
Harman · NX-2200 1.4.66_Hotfix_firmware
Harman · NX-3200 1.4.65_Hotfix_firmware
Harman · NX-3200 1.4.66_Hotfix_firmware
Harman · NX-4200 NetLinx Controller 1.4.65_Hotfix_firmware
Harman · NX-4200 NetLinx Controller 1.4.66_Hotfix_firmware
Harman · Massio ControlPads MCP-10x 1.4.65_Hotfix_firmware
Harman · Massio ControlPads MCP-10x 1.4.66_Hotfix_firmware
Harman · Enova DVX-x2xx 1.4.65_Hotfix_firmware
Harman · Enova DVX-x2xx 1.4.72_Hotfix_firmware
Harman · Enova DGX 100 NX Series Master 1.4.72_Hotfix_firmware
Harman · Enova DGX 8/16/32/64 NX Series Master 1.4.72_Hotfix_firmware

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more