OTPulse

Moxa · Moxa’s Response Regarding the Apache Log4j Vulnerabilities

Act Now · moxa-s-response-regarding-the-apache-log4j-vulnerability · Jan 27, 2022
Summary

Apache Log4j is vulnerable to multiple remote code execution and denial-of-service issues (CVE-2017-5645, CVE-2020-9488, CVE-2021-44228, CVE-2021-44832, CVE-2021-45046, CVE-2021-45105). At the time of publication, Moxa states that none of its products are directly affected by these vulnerabilities. Moxa's Product Security Incident Response Team is monitoring for any updates to the vulnerability status that may affect Moxa products.

What this means
What could happen
If Moxa products are later found to use vulnerable Log4j versions, attackers could remotely execute arbitrary code on those devices without authentication, potentially taking control of industrial equipment or causing service disruption.
Who's at risk
Water and electric utilities operating Moxa industrial networking equipment (gateways, switches, firewalls, terminal servers, remote management devices) should monitor this advisory. Moxa devices are commonly used in SCADA networks and at substations for remote access and monitoring.
How it could be exploited
An attacker could send a specially crafted Log4j message containing malicious JNDI directives over the network to any Moxa device running a vulnerable Log4j version. If the device processes this message, the malicious code would execute with the privileges of the application.
Prerequisites
  • Network access to a Moxa device running vulnerable Log4j
  • No authentication required
Tags: remotely exploitable · no authentication required · actively exploited (KEV) · high EPSS score (94.4%) · affects industrial networking equipment
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (1)
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| Moxa’s Response Regarding the Apache Log4j Vulnerabilities | All versions | No fix yet |
Remediation & Mitigation
Do now
  • HARDENING: Contact Moxa support and request confirmation of whether your specific products and firmware versions use Log4j and, if so, request patched versions
  • HARDENING: Monitor Moxa's official security advisories and PSIRT communications for updates if Log4j-affected products are identified
  • HARDENING: Review your network for all Moxa devices and document their product models and firmware versions
  • WORKAROUND: Implement or verify network segmentation and firewall rules to restrict inbound connections to Moxa devices to only authorized sources