Moxa ioLogik 2542-HSPA Series Controllers and IOs, and IOxpress Configuration Utility (ICSA-20-056-02) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on cleartext storage of sensitive information, cleartext transmission of sensitive information, and incorrectly specified destination in a communication channel vulnerabilities in Moxa ioLogik 2542-HSPA Series Controllers and IOs and IOxpress Configuration Utility. For Moxa ioLogik 2542-HSPA Series Controllers, versions 3.0 and lower are affected. IOxpress Configuration Utility, versions 2.3.0 and lower are affected. Successful exploitation of these vulnerabilities could crash the device or allow access to sensitive information. Moxa has developed a solution to address these vulnerabilities. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.