ICSA-19-057-01 · Published 2019-10-24
Moxa IKS, EDS (Update A)
CVSS 9.8 (CRITICAL)
Risk Summary
Successful exploitation of these vulnerabilities could allow the reading of sensitive information, remote code execution, arbitrary configuration changes, authentication bypass, sensitive data capture, reboot of the device, device crash, or full compromise of the device.
CVEs (10)
Remediations
- Install firmware patch. Patches may be requested from Moxa Customer Service (login required):
- Set the EDS series Web configuration to "https only" to reduce the predictable session ID concern.
- Please see Moxa's security advisory for more information.
Affected Vendors
Moxa
Affected Products (4)
- Moxa · IKS-G6824A series · <= 5.6
- Moxa · EDS-408A series · <= 3.8
- Moxa · EDS-510A series · <= 3.8
- Moxa · EDS-405A series · <= 3.8
Affected Sectors
Critical Manufacturing, Energy, and Transportation Systems