Moxa has issued a security advisory detailing CVE-2024-12297 (CVSS 9.2), a critical vulnerability in its EDS-508A Series Ethernet switches. This flaw, which affects devices running firmware version 3.11 and earlier, could allow attackers to bypass authentication and gain unauthorized access to sensitive device configurations or disrupt operations.
Moxa’s EDS-508A Series Ethernet switches are widely used in industrial automation and critical infrastructure networks. They are essential for connecting and managing devices in operational environments, making their security crucial.
The vulnerability stems from weaknesses in the authorization mechanism of the switches. Despite using both client-side and server-side verification, the implementation flaws enable attackers to exploit the system through methods such as:
- Brute-Force Attacks: Systematic guessing of valid credentials.
- MD5 Collision Attacks: Forging authentication hashes to bypass security controls.
According to Moxa, “Exploitation of this vulnerability could allow attackers to bypass authentication, perform brute-force or MD5 collision attacks, and gain unauthorized access to sensitive configurations or disrupt services.”
The CVE-2024-12297 vulnerability is particularly severe because it allows for unauthenticated remote exploits, making it possible for attackers to infiltrate systems from across the internet without needing prior access.
This flaw affects EDS-508A Series running the firmware version 3.11 and earlier. Moxa has developed a security patch to address the vulnerability. Administrators are encouraged to “contact Moxa Technical Support for the security patch.”
While awaiting or applying the patch, Moxa advises the following mitigations:
- Restrict Network Access:
- “Minimize network exposure to ensure the device is not accessible from the Internet.”
- Limit SSH access to trusted IP addresses and networks using firewalls or TCP wrappers.
- Deploy Intrusion Detection/Prevention Systems (IDS/IPS):
- “Implement IDS or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts.”
- Secure Device Configurations:
- Regularly audit and update device configurations to ensure they adhere to best practices.
Related Posts:
- CVE-2024-1086: Linux Kernel Vulnerability Impacts Numerous Moxa Products
- CVE-2024-9137 (CVSS 9.4) in Moxa’s Cellular Routers and Security Appliances: Immediate Patching Required
- CVE-2024-9138 and CVE-2024-9140 (CVSS 9.8): Moxa Calls for Immediate Security Action
- Linux Kernel 6.9 Reaches End of Life, Users Urged to Upgrade for Continued Security
