Moxa Moxa’s Response Regarding the Open SSL Vulnerability (Heartbleed, CVE-2014-0160)
Act Nowmoxas-response-regarding-the-open-ssl-vulnerability-heartbleed-cve-2014-0160Apr 16, 2014
Summary
Moxa has verified that none of its products are impacted by the OpenSSL vulnerability CVE-2014-0160 (Heartbleed). This vulnerability could allow attackers to read data including passwords and encryption keys from affected systems. Moxa's Cyber Security Response Team confirms no Moxa products are vulnerable and will provide updates if that status changes.
What this means
What could happen
This is a clearance notice: Moxa confirms none of its products are affected by Heartbleed. No operational impact to Moxa-based control systems from this vulnerability.
Who's at risk
This advisory does not identify any Moxa products as affected by Heartbleed. Organizations using Moxa industrial communication modules, gateways, or terminal servers do not need to take action in response to this specific vulnerability.
How it could be exploited
The Heartbleed vulnerability in affected OpenSSL versions allows remote attackers to read sensitive memory without authentication. However, Moxa has determined its products do not use vulnerable OpenSSL versions.
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (1)
ProductAffected VersionsFix Status
Moxa’s Response Regarding the Open SSL Vulnerability (Heartbleed, CVE-2014-0160)All versionsNo fix yet
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/b87bf420-cb1f-472e-9675-2ccb17866121