Moxa Moxa’s Response Regarding the GRUB2 (BootHole) Vulnerability
Low Riskmoxas-response-regarding-the-grub2-boothole-vulnerabilitySep 8, 2020
Summary
A vulnerability (CVE-2020-10713) has been identified in GRUB2 bootloader that can allow arbitrary code execution during system boot when Secure Boot is enabled on Windows and Linux systems. Moxa's Cyber Security Response Team investigated the vulnerability and determined that none of Moxa's products are currently affected. The team will continue monitoring for any updates.
What this means
What could happen
No impact to Moxa products. Moxa has determined that none of their equipment is affected by the GRUB2 BootHole vulnerability.
Who's at risk
This advisory does not affect Moxa industrial control equipment or other Moxa products. Moxa has confirmed that their devices do not use the vulnerable GRUB2 bootloader component.
How it could be exploited
The GRUB2 BootHole vulnerability (CVE-2020-10713) affects the GRUB2 bootloader in Windows and Linux systems with Secure Boot enabled. An attacker with access to the system could execute arbitrary code during the boot process. However, this does not affect Moxa products.
Prerequisites
- GRUB2 bootloader in use
- Secure Boot enabled
- System boot access
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
ProductAffected VersionsFix Status
Moxa’s Response Regarding the GRUB2 (BootHole) VulnerabilityAll versionsNo fix yet
Remediation & Mitigation
0/1
Long-term hardening
0/1HARDENINGMonitor Moxa advisory updates for any changes to product impact assessment
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/cf65d297-86c4-435a-9e4c-53b63eb137c0