OTPulse

Moxa: Moxa’s Response Regarding the OpenSSL X.509 Email Address 4-byte Buffer Overflow Vulnerability (CVE-2022-3602)

Nov 4, 2022
Summary

OpenSSL CVE-2022-3602 is a buffer overflow in X.509 certificate verification that affects name constraint checking. A malicious email address in a certificate can overflow four bytes on the stack, potentially causing denial of service or remote code execution. Exploitation requires either a CA-signed malicious certificate or an application configured to ignore CA verification failures. Moxa has completed a vulnerability assessment and determined that none of their products are impacted by this vulnerability.

What this means
What could happen
Moxa has determined that none of their products are affected by this OpenSSL X.509 vulnerability. No operational impact is expected for deployed Moxa equipment.
Who's at risk
This advisory applies to industrial equipment manufacturers and integrators using Moxa networking products. However, Moxa has confirmed that their product line is not vulnerable, so this does not present a direct threat to Moxa-based deployments. Organizations using non-Moxa equipment with embedded OpenSSL should verify their vendors' vulnerability responses.
How it could be exploited
This vulnerability affects OpenSSL's X.509 certificate verification logic, which processes certificates during TLS handshakes. An attacker would need to present a maliciously crafted certificate with an oversized email address in the Subject Alternative Name field to trigger the buffer overflow during name constraint checking. Exploitation requires either a compromised or malicious CA to sign the certificate, or for the application to continue processing a certificate chain that failed standard verification.
Prerequisites
  • A malicious X.509 certificate signed by a trusted CA, or an application configured to ignore CA verification failures
  • Network access to TLS/SSL services on the target device
  • The target application must perform X.509 name constraint checking
Exploitability
  • High exploit probability (EPSS 83.2%)
  • OpenSSL library-level vulnerability
  • Potential for remote code execution in vulnerable implementations
Affected products (1)
Product | Affected Versions | Fix Status
Moxa’s Response Regarding the OpenSSL X.509 Email Address 4-byte Buffer Overflow Vulnerability (CVE-2022-3602) | All versions | No fix yet
Remediation & Mitigation
Schedule: requires maintenance window

  • Patching may require a device reboot; plan for process interruption

  • Hardening: Verify your current Moxa product versions against Moxa's published advisory confirming no impact
Long-term hardening
  • Hardening: Monitor for any updates to Moxa's vendor statement in case additional products are identified as affected