We want to make sure your systems are always as up-to-date and secure, no matter if you buy a Miniserver this year or bought one ten years ago. Security audits are carried out regularly to catch any risks ASAP and ensure the continuous safety of Loxone systems.

During our last audit on January 24, 2022, we discovered a security vulnerability related to FTP access of Miniservers running firmware versions 12.1.6.17, 12.1.7.16, 12.2.10.27 and 12.2.11.5.

There are no known cases of an attacker exploiting this vulnerability. However, as always, we recommend keeping all customer installations up-to-date to prevent a potential attack.

This vulnerability can be used, in rare scenarios, in installations where attackers gain FTP access to the Miniserver, allowing them to modify data.

Our team has created a new version to fix this issue. This version (12.2.12.1) is now available to download, and we strongly recommend all Miniservers running versions 12.1.6.17, 12.1.7.16, 12.2.10.27 and 12.2.11.5 be updated.

Today, a notification prompt was pushed via the Loxone App – enabling users with the relevant permissions to initiate the update themselves. The new version does not include any other changes apart from fixing the security vulnerability.