Moxa Security Enhancement: Intel® Active Management Technology (AMT) Multiple Vulnerabilities (INTEL-SA-00709)

Low RiskMPSA-256823Mar 9, 2026

Moxa

Summary

Intel Management Engine on Moxa devices has Active Management Technology (AMT) enabled by default. Multiple vulnerabilities in AMT allow unauthenticated network attackers to disclose credentials and escalate privileges (CVE-2022-30601), privileged local users to disclose information (CVE-2022-30944), and physical attackers to escalate privileges via firmware access (CVE-2022-28697). These are Intel-level vulnerabilities (INTEL-SA-00709) affecting Moxa products through their use of Intel processors.

What this means

What could happen

Intel AMT (Active Management Technology) vulnerabilities on Moxa devices can allow an attacker to bypass authentication and gain control over the device management layer, potentially enabling remote manipulation of device settings or escalation to full system control. This threatens availability and integrity of Moxa equipment deployed in water systems, power grids, or other critical infrastructure.

Who's at risk

Organizations running Moxa industrial devices (gateways, switches, computers) with Intel processors in water utilities, power systems, manufacturing, or other critical infrastructure environments. Any device with Intel Active Management Technology enabled is vulnerable, regardless of Moxa product line.

How it could be exploited

An attacker with network access to a Moxa device can exploit unauthenticated AMT credential protection flaws (CVE-2022-30601) to disclose or manipulate credentials, gaining unauthorized access to the AMT interface. From there, the attacker can escalate privileges and take control of device management functions, or use physical access exploits (CVE-2022-28697) if they can reach the device in person. This allows direct modification of device behavior or creation of persistent backdoors.

Prerequisites

Network access to the Moxa device on the port where AMT is listening (typically port 16992-16993)
AMT enabled on the device (default configuration)
No authentication required for exploitation of CVE-2022-30601

remotely exploitableno authentication required (CVE-2022-30601)affects device management layer with escalation potentialIntel chipset-level vulnerability affecting multiple vendorsdefault configuration leaves devices at risk

Exploitability

Some exploitation risk — EPSS score 1.7%

Affected products (1)

ProductAffected VersionsFix Status

Security Enhancement: Intel® Active Management Technology (AMT) Multiple Vulnerabilities (INTEL-SA-00709)All versionsNo fix yet

Remediation & Mitigation

0/4

Do now

0/2

WORKAROUNDDisable Intel AMT on all Moxa devices where it is not operationally required

HARDENINGRestrict network access to AMT ports (16992-16993) using firewall rules to trusted engineering workstations only

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HARDENINGImplement network segmentation to isolate Moxa devices from untrusted networks

HOTFIXContact Moxa technical support for advisory MPSA-256823 and determine if firmware updates addressing Intel-SA-00709 are available for your specific Moxa product models

CVEs (3)

CVE-2022-30601 CVE-2022-30944 CVE-2022-28697

View full Moxa Security advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/7fabd652-fa4e-46f2-a673-a0734b57b541

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.