OTPulse

Moxa: Moxa's Response Regarding Sudo Heap-based Buffer Overflow Vulnerability (CVE-2021-3156)

Feb 17, 2021
Summary

Sudo versions 1.8.2 through 1.8.31p2 and 1.9.0 through 1.9.5p1 contain a heap-based buffer overflow vulnerability that allows an attacker with local user access to exploit the flaw and gain elevated (root) privileges. This affects Moxa devices that include vulnerable versions of sudo in their Linux-based operating systems.

What this means
What could happen
An attacker with local access to a Moxa device could exploit this sudo flaw to gain root-level control, allowing them to modify device configurations, alter process logic, disable safety systems, or shut down operations.
Who's at risk
This affects energy sector operators and any organization running Moxa industrial devices (HMIs, gateways, remote terminal units, network management appliances) that include vulnerable sudo versions in their embedded Linux operating systems. Devices with network-accessible management interfaces or engineering access points are of particular concern.
How it could be exploited
An attacker first needs local user access to the Moxa device (via SSH, console, or other means). Once logged in as a regular user, they trigger the sudo buffer overflow vulnerability to escalate privileges to root, gaining full device control.
Prerequisites
  • Local user account on the Moxa device
  • Ability to execute sudo commands
  • Vulnerable sudo version (1.8.2–1.8.31p2 or 1.9.0–1.9.5p1) installed on the device
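The affected ranges in the prerequisites above can be turned into an inventory check. The script below is an added example, not code from Moxa or OTPulse; it assumes a POSIX sh with sed on the device (or the engineering workstation querying it) and that `sudo --version` prints a first line of the form "Sudo version 1.8.31p2".

```shell
#!/bin/sh
# Added example (not Moxa's or OTPulse's code): classify a sudo version
# string against the affected ranges listed in this advisory,
# 1.8.2 through 1.8.31p2 and 1.9.0 through 1.9.5p1.
# Assumes `sudo --version` prints a first line like "Sudo version 1.8.31p2".

# Turn "MAJ.MIN.PATCHpLEVEL" into a zero-padded integer so ranges compare
# with plain -ge/-le: "1.8.31p2" -> 1008031002, "1.9.0" -> 1009000000.
version_key() {
  case "$1" in
    *p*) base=${1%p*}; plevel=${1##*p} ;;
    *)   base=$1;      plevel=0 ;;
  esac
  maj=${base%%.*}; rest=${base#*.}
  [ "$rest" = "$base" ] && rest=0           # no minor component
  min=${rest%%.*}; pat=${rest#*.}
  [ "$pat" = "$rest" ] && pat=0             # no patch component
  printf '%d%03d%03d%03d' "$maj" "$min" "$pat" "$plevel"
}

# Return 0 if VERSION is in an affected range, 1 if outside it, 2 if unparsable.
sudo_is_vulnerable() {
  case "$1" in
    [0-9]*.[0-9]*) ;;
    *) return 2 ;;
  esac
  k=$(version_key "$1")
  # Range bounds are the ones stated in the advisory.
  if [ "$k" -ge "$(version_key 1.8.2)" ] && [ "$k" -le "$(version_key 1.8.31p2)" ]; then
    return 0
  fi
  if [ "$k" -ge "$(version_key 1.9.0)" ] && [ "$k" -le "$(version_key 1.9.5p1)" ]; then
    return 0
  fi
  return 1
}

# Pull the bare version out of `sudo --version` style output.
sudo_version_from_output() {
  printf '%s\n' "$1" | sed -n 's/^Sudo version \([0-9][0-9.p]*\).*/\1/p' | head -n 1
}

# Run on a device: report whether the installed sudo is in an affected range.
check_installed_sudo() {
  v=$(sudo_version_from_output "$(sudo --version 2>/dev/null)")
  if sudo_is_vulnerable "$v"; then echo "VULNERABLE: sudo $v"; return 0; fi
  echo "sudo ${v:-unknown}: not in affected range"; return 1
}
```

Unparsable or vendor-mangled version strings return 2 rather than a verdict, so treat those devices as unknown and confirm the package version by another route.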
Tags:
  • Actively exploited (KEV)
  • Allows privilege escalation to root
  • High EPSS score (92.5%)
  • No patch available yet
  • Low complexity exploitation
  • Affects safety-critical systems
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (1)
Product: Moxa's Response Regarding Sudo Heap-based Buffer Overflow Vulnerability (CVE-2021-3156)
Affected Versions: All versions
Fix Status: No fix yet
Remediation & Mitigation
Do now
  • WORKAROUND: Identify all Moxa devices running vulnerable sudo versions and isolate them from untrusted network access until a patch is available
  • HARDENING: Restrict local user account creation and enforce strong access controls on engineering workstations and maintenance interfaces
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Monitor Moxa security advisories for availability of patched firmware or sudo updates for your specific device models
  • HOTFIX: If patched firmware is released, schedule a maintenance window to update all affected Moxa devices to the patched version