Hi! Please sign in Home >  Support > Technical FAQs

Technical FAQs
Question Moxa Statement on “GHOST” Vulnerability (CVE-2015-0235)
Question Type Security Advisory
Updated 9/5/2017 12:18:04 PM
Hits 1
Products
Suggestions

Background and Impact
According to ICS-CERT, the “GHOST" vulnerability (CVE-2015-0235) in the “glibc” library could affect industrial systems. An authenticated local administrator could cause a denial of service of the targeted system by exploiting this vulnerability. ICS-CERT recommends the three following general defensive measures to protect against this and other cybersecurity risks:

“Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.

Locate control system networks and remote devices behind firewalls, and isolate them from the business network.

When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.”


Impacted Products
Some Moxa devices are impacted by the “GHOST” vulnerability. Refer to the table below for a list of impacted products.


Solution for Impacted Products:
For products impacted by the “GHOST” vulnerability, Moxa will provide patches to help customers fix this issue. Refer to the table below for the expected patch date of the affected products.

Related Questions
Provide Feedback
Quality of this article
Poor                Excellent