Security update: FTP access to the Miniserver

Courtney Muraczewski
01/26/2022 in For Partners

We want to make sure your systems are always as up-to-date and secure, no matter if you buy a Miniserver this year or bought one ten years ago. Security audits are carried out regularly to catch any risks ASAP and ensure the continuous safety of Loxone systems.

During our last audit on January 24, 2022, we discovered a security vulnerability related to FTP access of Miniservers running firmware versions 12.1.6.17, 12.1.7.16, 12.2.10.27 and 12.2.11.5.

There are no known cases of an attacker exploiting this vulnerability. However, as always, we recommend keeping all customer installations up-to-date to prevent a potential attack.

This vulnerability can be used, in rare scenarios, in installations where attackers gain FTP access to the Miniserver, allowing them to modify data.

Our team has created a new version to fix this issue. This version (12.2.12.1) is now available to download, and we strongly recommend all Miniservers running versions 12.1.6.17, 12.1.7.16, 12.2.10.27 and 12.2.11.5 be updated.

Today, a notification prompt was pushed via the Loxone App – enabling users with the relevant permissions to initiate the update themselves. The new version does not include any other changes apart from fixing the security vulnerability.

Send us a request

We'll answer all your questions for your next project as an end customer or a professional installer.

A
I'm an interested consumer...

and would like to learn more about Loxone for my home or business.

A
I'm an interested pro...

and would like to learn more about Partner Programs and products.

Get a free consultation for your project

    • Hidden
  • Hidden
  • This field is for validation purposes and should be left unchanged.

Let's see if we're a good match for partnership

  • Hidden
  • This field is for validation purposes and should be left unchanged.