ICSA-20-056-04 · Published 2020-02-25 · View on CISA ICS-CERT ↗

Moxa EDS-G516E and EDS-510E Series Ethernet Switches

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could crash the device, execute arbitrary code, and allow access to sensitive information.

CVE-2020-7007 CVE-2020-7001 CVE-2020-6979 CVE-2020-6981 CVE-2020-6999 CVE-2020-6997 CVE-2020-6991

EDS-G516E Series: Download the new firmware.
EDS-510E Series: please contact Moxa Technical Support for assistance.
Enable password on configuration file from “Configuration File Encryption” setting to eliminate the potential risk.
Enable HTTPS from the “Management Interface” setting.
Enable “Account Login Failure Lockout” functions to eliminate the potential risk.
Please see Moxa's security advisory for more information.

Moxa

Moxa · EDS-510E Series firmware <= 5.2

Moxa · EDS-G516E Series firmware <= 5.2

Critical Manufacturing, Energy, Water and Wastewater Systems

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.