PT-2017-3802 · Moxa · Moxa IOxpress, Moxa ioLogik 2500

Published: 2017-05-09 · Updated: 2020-03-26 · CVE-2019-18242

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Moxa ioLogik 2500 series firmware versions 3.0 or lower
Moxa IOxpress configuration utility versions 2.3.0 or lower

Description

The issue is an uncontrolled resource consumption weakness in the firmware of Moxa ioLogik 2542-HSPA modules and in the Moxa IOxpress Configuration Utility. A remote attacker can exploit it with specially crafted packets, potentially leading to a denial of service. Frequent, repeated requests over a short period may cause the web server to fail.

Recommendations

For Moxa ioLogik 2500 series firmware versions 3.0 or lower, consider restricting access to the web server to minimize the risk of exploitation until a patch is available. For Moxa IOxpress configuration utility versions 2.3.0 or lower, avoid using the utility to send frequent, repeated requests over a short period until the issue is resolved. As a temporary workaround, consider disabling the web server functionality in the affected firmware and utility until a patch is available.

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2019-03265
CVE-2019-18242

Affected Products

Moxa IOxpress
Moxa ioLogik 2500