Security Enhancement: Web Application Potentially Vulnerable to Clickjacking

Published: November 27, 2025

This Alert Is From MOXA

As Industrial IoT (IIoT) adoption continues to proliferate, cybersecurity has become one of the top priorities. The Moxa Product Security Incident Response Team (PSIRT) takes a proactive approach to protect products from cybersecurity vulnerabilities. Moxa PSIRT investigates all reports of vulnerabilities that could potentially affect Moxa products. Moxa created a vulnerability management policy to provide guidance and information to our customers in the event of a reported vulnerability. The management policy ensures that Moxa’s customers have steady, unambiguous resources to help them understand how Moxa resolves or mitigates reported vulnerabilities. For any queries, please email PSIRT@moxa.com.

The remote web server does not set an X-Frame-Options response header or a Content-Security-Policy 'frame-ancestors' response header in all content responses. This could expose the site to a clickjacking or UI redress attack, in which an attacker can trick a user into clicking an area of the vulnerable page that is different than what the user perceives the page to be. This can result in a user performing fraudulent or malicious transactions. (Source: Tenable Nessus)

Since this is a medium severity issue, users can assess their environment and schedule the update during the next maintenance or update cycle.
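To confirm the finding before the update and its absence afterwards, the response headers of each page can be audited. The following is an added example, not code from Moxa or Tenable; the paths and header values in `SAMPLE_RESPONSES` are constructed, and the function names are hypothetical.

```python
# Added example. SAMPLE_RESPONSES is constructed, not captured from a device.
WIDE = {"*", "http:", "https:"}        # sources that let any site frame the page

def framing_policy(headers):
    """Return (protected, reason) for one response's (name, value) header pairs."""
    xfo, ancestors = set(), []
    for name, value in headers:
        name = name.strip().lower()
        if name == "x-frame-options":
            xfo.update(v.strip().upper() for v in value.split(","))
        elif name == "content-security-policy":   # Report-Only is not enforced
            for policy in value.split(","):        # one header may carry several policies
                for directive in policy.split(";"):
                    tokens = directive.lower().split()
                    if tokens and tokens[0] == "frame-ancestors":
                        ancestors.append(set(tokens[1:]))
                        break                      # first occurrence wins in a policy
    if ancestors:
        # An enforced frame-ancestors makes browsers ignore X-Frame-Options.
        if any(not (srcs & WIDE) for srcs in ancestors):
            return True, "CSP frame-ancestors restricts framing"
        return False, "CSP frame-ancestors allows any origin"
    if xfo & {"DENY", "SAMEORIGIN"}:
        return True, "X-Frame-Options restricts framing"
    if xfo:
        return False, "X-Frame-Options value not honoured: " + ", ".join(sorted(xfo))
    return False, "no anti-framing header"

def unprotected_paths(responses):
    """The finding concerns all content responses, so list every path that fails."""
    return sorted(p for p, h in responses.items() if not framing_policy(h)[0])

SAMPLE_RESPONSES = {
    "/": [("X-Frame-Options", "SAMEORIGIN")],
    "/login": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'")],
    "/status": [("Content-Security-Policy-Report-Only", "frame-ancestors 'none'")],
    "/legacy": [("X-Frame-Options", "ALLOW-FROM https://hmi.example")],
    "/wide": [("Content-Security-Policy", "frame-ancestors *"),
              ("X-Frame-Options", "DENY")],
    "/help.html": [("Content-Type", "text/html")],
}

if __name__ == "__main__":
    for path, hdrs in SAMPLE_RESPONSES.items():
        print(path, *framing_policy(hdrs))
```

The obsolete `ALLOW-FROM` value and a report-only policy are both reported as unprotected because current browsers do not enforce either.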

This alert has come from: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-252213-security-enhancement-web-application-potentially-vulnerable-to-clickjacking