Moxa Security Enhancement: Intel® Active Management Technology (AMT) Multiple Vulnerabilities (INTEL-SA-00709)

Low RiskMPSA-256823Mar 9, 2026

Summary

Intel Management Engine on the remote host has Active Management Technology (AMT) enabled by default and has been identified with multiple vulnerabilities: CVE-2022-30601: Insufficient protection for credentials in Intel AMT and Intel Standard Manageability allows an unauthenticated user to potentially enable information disclosure and escalation of privilege via network access. CVE-2022-30944: Insufficient protection for credentials in Intel AMT and Intel Standard Manageability allows a privileged user to potentially enable information disclosure via local access. CVE-2022-28697: Improper access control in firmware for Intel AMT and Intel Standard Manageability allows an unauthenticated user to potentially enable escalation of privilege via physical access. The vulnerabilities affect Intel AMT and Standard Manageability components across multiple severity levels and access requirements.

What this means

What could happen

An attacker with network access could exploit credential protection weaknesses to gain unauthorized access to Intel AMT, potentially allowing them to escalate privileges and take control of affected systems. This could compromise the integrity and availability of OT networks if AMT-enabled devices are connected to operational systems.

Who's at risk

Any OT facility (water, electric, manufacturing) running industrial devices or embedded controllers with Intel processors that have Intel AMT enabled, including PLCs, RTUs, IEDs, and engineering workstations. Organizations using Moxa industrial computers or gateways with integrated Intel processors should assess whether AMT is enabled in their environment.

How it could be exploited

An unauthenticated attacker on the network could exploit CVE-2022-30601 to extract or bypass AMT credentials, then use those credentials to escalate privileges and execute commands through Intel AMT. Alternatively, an attacker with physical access could exploit CVE-2022-28697 to bypass firmware access controls and gain administrative control of the affected device.

Prerequisites

Network access to Intel AMT services (CVE-2022-30601)
Physical access to the device (CVE-2022-28697)
Privileged user credentials on the local system (CVE-2022-30944)

remotely exploitable (CVE-2022-30601)no authentication required for network exploitation (CVE-2022-30601)no patch available from Intel or Moxaaffects out-of-band management channelAMT enabled by default

Exploitability

Moderate exploit probability (EPSS 1.7%)

Affected products (1)

ProductAffected VersionsFix Status

Security Enhancement: Intel® Active Management Technology (AMT) Multiple Vulnerabilities (INTEL-SA-00709)All versionsNo fix yet

Remediation & Mitigation

0/6

Do now

0/3

HARDENINGDisable Intel Active Management Technology (AMT) on all OT-connected devices where it is not required for management

HARDENINGDisable remote access to Intel AMT interfaces if not operationally necessary

HARDENINGChange default AMT credentials and enforce strong password policies for AMT accounts

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HARDENINGImplement network segmentation to restrict access to Intel AMT management interfaces from untrusted networks

HOTFIXMonitor Intel security advisories for firmware patches when vendors release updates addressing INTEL-SA-00709

Long-term hardening

0/1

HARDENINGMonitor for and restrict physical access to affected devices

CVEs (3)

CVE-2022-30601 CVE-2022-30944 CVE-2022-28697

View full Moxa Security advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/7fabd652-fa4e-46f2-a673-a0734b57b541