You are here

Moxa AWK-3131A Series Industrial AP/Bridge/Client (ICSA-20-063-04) – Product Used in the Water and Wastewater and Energy Sectors

Moxa AWK-3131A Series Industrial AP/Bridge/Client (ICSA-20-063-04) – Product Used in the Water and Wastewater and Energy Sectors

Created: Thursday, March 5, 2020 - 11:03
Categories:
Cybersecurity

CISA has published an advisory on improper access control, use of hard-coded cryptographic key, os command injection, use of hard-coded credentials, classic buffer overflow, out-of-bounds read, stack-based buffer overflow, improper access control, and authentication bypass using an alternate path or channel vulnerabilities in Moxa AWK-3131A. Versions 1.13 and prior are affected. Successful exploitation of these vulnerabilities could allow an attacker to gain control of the device and remotely execute arbitrary code. Moxa has created a security patch to mitigate these vulnerabilities. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.