CVE-2015-7547 glibc getaddrinfo stack-based buffer overflow

Westermo is working on a permanent fix for the vulnerability reported in CVE-2015-7547. Until then, we recommend that users of WeOS versions 4.12.0 through 4.18.0 consider reconfiguring DNS and static hostname lookup as follows:

  • Configure DNS servers to be 127.0.0.1
  • Add static hostname lookup entries for all hostnames configured in the device
  • Refer to the appropriate WeOS Management Guide for more information. For WeOS version 4.18.0, the relevant sections are:
      o 19.3.3 DNS client – setting DNS server and dynamic DNS
      o 19.7.8 Add static hostname lookup entry

An attacker who successfully masquerades as an upstream DNS server may serve the WeOS device a malicious DNS query response that can give the attacker full unauthorized access to the device.

 “The glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used. Software using this function may be exploited with attacker-controlled domain names, attacker-controlled DNS servers, or through a man-in-the-middle attack.”
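One way to check that the workaround above is complete, as an added example that is not part of Westermo's advisory: it assumes the DNS server and static hostname settings can be exported in resolv.conf and hosts file syntax. The sample inputs, hostnames and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample inputs (assumed formats: resolv.conf and hosts file syntax).
RESOLV = "nameserver 127.0.0.1\nnameserver 192.0.2.53\n"
HOSTS = """\
127.0.0.1   localhost
192.0.2.10  ntp.plant.example ntp
192.0.2.20  syslog.plant.example   # log collector
"""
# Hypothetical list of remote endpoints configured on the device.
CONFIGURED = ["ntp.plant.example", "syslog.plant.example",
              "192.0.2.30", "radius.plant.example"]

def fields(line):
    """Split a config line into fields, dropping any '#' comment."""
    return line.split("#", 1)[0].split()

def nameservers(text):
    """Addresses named on 'nameserver' lines."""
    return [f[1] for f in map(fields, text.splitlines())
            if len(f) >= 2 and f[0] == "nameserver"]

def static_names(text):
    """All hostnames and aliases that have a static entry."""
    names = set()
    for f in map(fields, text.splitlines()):
        if len(f) >= 2:  # address followed by one or more names
            names.update(n.lower() for n in f[1:])
    return names

def is_ip_literal(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def audit(resolv, hosts, configured):
    """Report what still deviates from the advisory's two workaround steps."""
    upstream = [ns for ns in nameservers(resolv) if ns != "127.0.0.1"]
    known = static_names(hosts)
    # IP literals need no lookup; every other name needs a static entry.
    missing = [h for h in configured
               if not is_ip_literal(h) and h.lower().rstrip(".") not in known]
    return {"upstream_nameservers": upstream,
            "missing_static_entries": missing,
            "workaround_complete": not upstream and not missing}

if __name__ == "__main__":
    print(audit(RESOLV, HOSTS, CONFIGURED))
```

With DNS pointed only at 127.0.0.1, every name reported under `missing_static_entries` is also one the device may no longer be able to resolve, so the list doubles as an availability check before the change is rolled out.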

Download Westermo Security Advisory WEOS-16-03.

More information:

https://googleonlinesecurity.blogspot.se/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html

https://github.com/fjserna/CVE-2015-7547

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547

 

Westermo data networks maximise availability of twin Spanish solar power plants

Westermo switches create resilient, easy to install network solution at plants supplying electricity to 45,000 homes

Highly reliable data communications networks created by Westermo are helping to maximise the availability of two thermal solar power plants in south-western Spain. The Ethernet-based networks have been installed to support the control of 225,000 mirrors at the twin La Florida and La Dehesa concentrating solar power plants. The two plants, owned by Renovables SAMCA, each have a capacity of 49.9 MWe, enough to support more than 45,000 homes.

Reliable data communications are essential for the production of electricity. Should connection be lost between the mirrors and control rooms, the collectors are automatically set to safe mode and do not transfer energy. Westermo was therefore tasked with providing a resilient and easy to install solution that would maximise plant availability.

“Any interruptions to the communications affect our ability to generate power,” said César Labarga, Electrical Engineer and Project Manager for solar field control systems at Renovables SAMCA, who was responsible for implementing the network at both sites. “We needed a very reliable solution and this is what we have been provided by Westermo. We are very happy with how the networks are performing. It is a really stable and reliable solution.”

Because the La Florida and La Dehesa plants are identical, the same solution was installed at each plant. The networks were designed around a central dual gigabit fibre optic ring using 25 Westermo RedFox managed industrial Ethernet switches. Nine sub rings consisting of 120 Westermo Lynx switches were added to reach out to the different parts of each plant. All individual rings in the network run the Westermo FRNT ring protocol, which enables 20 ms reconfiguration of the network in the event of link (cable or switch) failure.

To ensure the installation process was quick and simple, Westermo built, configured and tested both networks in advance in its laboratory in Sweden. An entire network, including all 290 switches, was mounted on a huge ‘network wall’, enabling it to be fully configured and tested prior to installation.

“We also needed a solution that was quick and simple to install,” said Labarga. “Having Westermo configure all devices and thoroughly test both networks beforehand was essential to this project.”

The installation process was extremely efficient, with all switches installed and both networks up and running in less than three hours. Since then the networks have proved to be extremely reliable, with no reported problems or serious incidents.
