OTPulse

Moxa

Moxa’s Response Regarding the GNU Glibc Gethostbyname Function Buffer Overflow Vulnerability (GHOST, CVE-2015-0235)

Act Now
May 5, 2015
Summary

The GHOST vulnerability (CVE-2015-0235) in the glibc library affects systems that use this C library for hostname resolution. An authenticated local administrator could trigger a buffer overflow in the gethostbyname function, potentially causing denial of service or command execution on affected Moxa industrial systems.

What this means
What could happen
A local administrator on an affected Moxa device could crash the system or potentially execute arbitrary commands, disrupting the control system's operation.
Who's at risk
Manufacturing facilities using Moxa industrial communication devices (such as industrial switches, gateways, or embedded control systems) that run affected versions of glibc are at risk. This affects OT operators who depend on these devices for network communication and control of production systems.
How it could be exploited
An attacker with local administrative access to a Moxa device can call the gethostbyname function with a specially crafted hostname to overflow a stack buffer, crashing the system or executing code with administrative privileges.
Prerequisites
  • Local access to an affected Moxa device
  • Administrative or privileged user credentials
  • Ability to make function calls or trigger hostname resolution
  • Low complexity attack
  • High EPSS score (86.7%)
  • No patch available from Moxa
  • Requires local access with administrative credentials
  • Affects glibc library used across many industrial systems
Exploitability
High exploit probability (EPSS 86.7%)
Affected products (1)
Product: Moxa’s Response Regarding the GNU Glibc Gethostbyname Function Buffer Overflow Vulnerability (GHOST, CVE-2015-0235)
Affected Versions: All versions
Fix Status: No fix yet
Remediation & Mitigation
Do now
  • HARDENING: Isolate Moxa devices from direct network access; place them behind firewalls and restrict administrative access to authorized personnel only
  • HARDENING: Restrict administrative access to Moxa devices to authorized personnel on a need-to-use basis
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HARDENING: If remote access to Moxa devices is required, use secure VPN connections and ensure VPN software is kept up to date
  • HOTFIX: Monitor Moxa's Cyber Security Response Team (CSRT) for firmware updates or patches; contact Moxa support to check if patched firmware versions are available for your specific device model
Long-term hardening
  • HARDENING: Implement network segmentation to separate control system networks from business networks