SUMMARY

Moxa’s Response Regarding the GNU Glibc Gethostbyname Function Buffer Overflow Vulnerability (GHOST, CVE-2015-0235)

According to ICS-CERT, the “GHOST” vulnerability (CVE-2015-0235) in the “glibc” library could affect industrial systems. An authenticated local administrator could cause a denial of service of the targeted system by exploiting this vulnerability.

ICS-CERT recommends the following three general defensive measures to protect against this and other cybersecurity risks:

  • Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
  • Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
  • When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that a VPN is only as secure as the connected devices.

Moxa's Cyber Security Response Team (CSRT) is fully engaged in this matter and we are taking appropriate action. If there are any updates to the status of the vulnerabilities or how these affect Moxa's products, we will provide an update immediately.

AFFECTED PRODUCTS AND SOLUTIONS

Affected Products

The affected products and firmware versions are shown below.

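| Product Category | Product Series | Affected Version |
|---|---|---|
| x86 Computers / Arm-Based Computers | IA240 Series | Firmware Version 1.6 or prior |
| x86 Computers / Arm-Based Computers | UC-7100 Series (-LX Plus model) | Firmware Version 1.5 or prior |
| x86 Computers / Arm-Based Computers | DA-660A Series | Firmware Version 1.1 or prior |
| x86 Computers / Arm-Based Computers | EM-2260 Series (-LX models) | Firmware Version 1.1 or prior |
| x86 Computers / Arm-Based Computers | IA260 Series (-LX models) | Firmware Version 1.1 or prior |
| x86 Computers / Arm-Based Computers | IA261-I Series (-LX models) | Firmware Version 1.1 or prior |
| x86 Computers / Arm-Based Computers | IA262-I Series (-LX models) | Firmware Version 1.1 or prior |
| x86 Computers / Arm-Based Computers | UC-8410 Series (-LX models) | Firmware Version 2.1 or prior |
| x86 Computers / Arm-Based Computers | UC-8416 Series (-LX models) | Firmware Version 2.1 or prior |
| x86 Computers / Arm-Based Computers | UC-8418 Series (-LX models) | Firmware Version 2.1 or prior |
| x86 Computers / Arm-Based Computers | UC-8430 Series (-LX models) | Firmware Version 2.1 or prior |
| x86 Computers / Arm-Based Computers | UC-8481 Series (-LX models) | Firmware Version 1.4 or prior |
| x86 Computers / Arm-Based Computers | DA-682A Series (-LX models) | Firmware Version 1.2 or prior |
| x86 Computers / Arm-Based Computers | DA-820 Series | Firmware Version 1.0 or prior |
| x86 Computers / Arm-Based Computers | UC-8100 Series | Firmware Version 1.3 or prior |
| x86 Computers / Arm-Based Computers | UC-8410A Series | Firmware Version 1.0 or prior |
| Controllers and I/Os | ioPAC 8500 Series | Firmware Version 1.7 or prior |
| Controllers and I/Os | ioPAC 8500-IEC Series | Firmware Version 1.2 or prior |
| Controllers and I/Os | ioPAC 8600 Series | Firmware Version 1.0 or prior |
| Controllers and I/Os | ioPAC 8600-IEC Series | Firmware Version 1.0 or prior |
| Protocol Gateways | MGate 5101-PBM-MN Series | Firmware Version 1.1 or prior |
| Protocol Gateways | MGate 5102-PBM-PN Series | Firmware Version 1.2 or prior |
| Protocol Gateways | MGate 5105-MB-EIP Series | Firmware Version 1.1 or prior |
| Serial Device Servers | NPort W2150A/W2250A Series | Firmware Version 1.9 or prior |
| Serial Device Servers | MiiNePort W1 Series | Firmware Version 1.1 or prior |
| Secure Routers | EDR-810 Series | Firmware Version 4.0 or prior |
| Secure Routers | EDR-G902 Series | Firmware Version 4.1 or prior |
| Secure Routers | EDR-G903 Series | Firmware Version 4.1 or prior |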

Solutions

Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for the affected products are shown below.

 
| Product Category | Product Series | Solutions |
|---|---|---|
| x86 Computers / Arm-Based Computers | IA240 Series | Please download the new firmware/software here. |
| x86 Computers / Arm-Based Computers | UC-7100 Series (-LX Plus model) | Please download the new firmware/software here. |
| x86 Computers / Arm-Based Computers | DA-660A Series | Please download the new firmware/software here. |
| x86 Computers / Arm-Based Computers | EM-2260 Series (-LX models) | Please contact Moxa Technical Support for assistance. |
| x86 Computers / Arm-Based Computers | IA260 Series (-LX models) | Please contact Moxa Technical Support for assistance. |
| x86 Computers / Arm-Based Computers | IA261-I Series (-LX models) | Please contact Moxa Technical Support for assistance. |
| x86 Computers / Arm-Based Computers | IA262-I Series (-LX models) | Please contact Moxa Technical Support for assistance. |
| x86 Computers / Arm-Based Computers | UC-8410 Series (-LX models) | This product has been phased out. Please contact Moxa Technical Support for assistance. |
| x86 Computers / Arm-Based Computers | UC-8416 Series (-LX models) | This product has been phased out. Please contact Moxa Technical Support for assistance. |
| x86 Computers / Arm-Based Computers | UC-8418 Series (-LX models) | This product has been phased out. Please contact Moxa Technical Support for assistance. |
| x86 Computers / Arm-Based Computers | UC-8430 Series (-LX models) | This product has been phased out. Please contact Moxa Technical Support for assistance. |
| x86 Computers / Arm-Based Computers | UC-8481 Series (-LX models) | This product has been phased out. Please contact Moxa Technical Support for assistance. |
| x86 Computers / Arm-Based Computers | DA-682A Series (-LX models) | Please download the new firmware/software here. |
| x86 Computers / Arm-Based Computers | DA-820 Series | Please contact Moxa Technical Support for assistance. |
| x86 Computers / Arm-Based Computers | UC-8100 Series | Please download the new firmware/software here. |
| x86 Computers / Arm-Based Computers | UC-8410A Series | Please download the new firmware/software here. |
| Controllers and I/Os | ioPAC 8500 Series | Please download the new firmware/software here. |
| Controllers and I/Os | ioPAC 8500-IEC Series | Please download the new firmware/software here. |
| Controllers and I/Os | ioPAC 8600 Series | Please download the new firmware/software here. |
| Controllers and I/Os | ioPAC 8600-IEC Series | Please download the new firmware/software here. |
| Protocol Gateways | MGate 5101-PBM-MN Series | Please download the new firmware/software here. |
| Protocol Gateways | MGate 5102-PBM-PN Series | Please download the new firmware/software here. |
| Protocol Gateways | MGate 5105-MB-EIP Series | Please download the new firmware/software here. |
| Serial Device Servers | NPort W2150A/W2250A Series | Please download the new firmware/software here. |
| Serial Device Servers | MiiNePort W1 Series | Please download the new firmware/software here. |
| Secure Routers | EDR-810 Series | Please download the new firmware/software here. |
| Secure Routers | EDR-G902 Series | Please download the new firmware/software here. |
| Secure Routers | EDR-G903 Series | Please download the new firmware/software here. |

Revision History

| Version | Description | Release Date |
|---|---|---|
| 1.0 | First Release | May 5, 2015 |

Relevant Products

DA-660A Series · DA-682A Series · DA-820 Series · EDR-810 Series · EDR-G902 Series · EDR-G903 Series · EM-2260 Series · IA240 Series · IA260 Series · IA261-I/IA262-I Series · ioPAC 8500 Series · ioPAC 8600 Series · MGate 5101-PBM-MN Series · MGate 5102-PBM-PN Series · MGate 5105-MB-EIP Series · MiiNePort W1 Series · NPort W2150A/W2250A Series · UC-7100 Series · UC-8100 Series · UC-8410A Series
