Security update: FTP access to the Miniserver
We want to make sure your systems are always as up-to-date and secure, no matter if you buy a Miniserver this year or bought one ten years ago. Security audits are carried out regularly to catch any risks ASAP and ensure the continuous safety of Loxone systems.
During our last audit on January 24, 2022, we discovered a security vulnerability related to FTP access of Miniservers running firmware versions 12.1.6.17, 12.1.7.16, 12.2.10.27 and 12.2.11.5.
There are no known cases of an attacker exploiting this vulnerability. However, as always, we recommend keeping all customer installations up-to-date to prevent a potential attack.
This vulnerability can be used, in rare scenarios, in installations where attackers gain FTP access to the Miniserver, allowing them to modify data.
Our team has created a new version to fix this issue. This version (12.2.12.1) is now available to download, and we strongly recommend all Miniservers running versions 12.1.6.17, 12.1.7.16, 12.2.10.27 and 12.2.11.5 be updated.
Today, a notification prompt was pushed via the Loxone App – enabling users with the relevant permissions to initiate the update themselves. The new version does not include any other changes apart from fixing the security vulnerability.
Let's talk about your project!
We are happy to help you plan your next project and show you the cost cutting and guest experience enhancing possibilities available with Loxone. Just leave us your contact details and we will be happy to get back to you.
The Loxone Advantage
No charge, no obligation
Our consultations are free of charge and there is no obligation to do anything after the chat.
Consult directly with the manufacturer
Talk to one of our Loxone Experts and get advice directly from the manufacturer.
Call us from anywhere at your convenience
Our consultations are conducted by phone, so you don't have to carve out a lot of time.
