
Moxa, a leading provider of industrial networking and communication solutions, has recently addressed a critical out-of-bounds write vulnerability affecting several of its PT switches. The vulnerability, tracked as CVE-2024-7695 and assigned a CVSS score of 7.5, could allow attackers to launch denial-of-service (DoS) attacks against affected devices, potentially disrupting critical infrastructure operations.
The vulnerability stems from insufficient input validation in the Moxa Service and Moxa Service (Encrypted) components of the PT switches. This flaw allows attackers to write data beyond the bounds of the intended memory buffer, potentially overwriting critical system data and causing the switch to crash or become unresponsive.
Successful exploitation of this vulnerability could lead to a denial-of-service condition, disrupting normal operations and potentially causing significant downtime for critical systems.
The following Moxa PT switch series and firmware versions are affected:
- PT-7728 Series (firmware version 3.9 and earlier)
- PT-7828 Series (firmware version 4.0 and earlier)
- PT-G503 Series (firmware version 5.3 and earlier)
- PT-G510 Series (firmware version 6.5 and earlier)
- PT-G7728 Series (firmware version 6.4 and earlier)
- PT-G7828 Series (firmware version 6.4 and earlier)
Moxa has released firmware updates and patches to address this vulnerability for the affected PT switch series. Users are strongly advised to upgrade to the latest firmware versions or apply the necessary patches as soon as possible.
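To find which devices need the update, an asset inventory can be compared against the affected list above. The following is an added example, not Moxa's tooling: the CSV layout, host names, model suffixes and firmware string format are assumptions constructed for illustration.

```python
import csv
import io
import re

# Highest affected firmware per series, copied from the list above.
AFFECTED_MAX = {
    "PT-7728": (3, 9), "PT-7828": (4, 0), "PT-G503": (5, 3),
    "PT-G510": (6, 5), "PT-G7728": (6, 4), "PT-G7828": (6, 4),
}

def parse_version(text):
    """Return the first dotted version in text as a tuple of ints, or None."""
    m = re.search(r"\d+(?:\.\d+)*", text)
    return tuple(int(p) for p in m.group(0).split(".")) if m else None

def series_of(model):
    """Map a model name to a listed series; PT-G7728 must not match PT-7728."""
    name = model.strip().upper()
    for series in AFFECTED_MAX:
        if name == series or name.startswith(series + "-"):
            return series
    return None

def triage(inventory_csv):
    """Return (host, status) for each row of a host,model,firmware CSV."""
    results = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        series = series_of(row["model"])
        version = parse_version(row["firmware"])
        if series is None:
            status = "not-listed"
        elif version is None:
            status = "unknown-version"
        elif version <= AFFECTED_MAX[series]:  # numeric compare: 6.10 > 6.5
            status = "affected"
        else:
            status = "later-firmware"
        results.append((row["host"], status))
    return results

# Constructed sample inventory (hosts, model suffixes and versions are made up).
SAMPLE = """host,model,firmware
sw-01,PT-7728-A,V3.9 build 0001
sw-02,PT-G7728,6.5
sw-03,PT-G510-B,v6.10
sw-04,PT-7828,4.0
sw-05,OTHER-SWITCH,3.8
sw-06,PT-G503-C,n/a
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE):
        print(f"{host}: {status}")
```

The status reflects only the reported version string, so rows marked `affected` or `unknown-version` still need to be checked on the device itself.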
In addition to patching, Moxa recommends the following mitigation measures:
- Disable Moxa Service and Moxa Service (Encrypted): If these services are not required for operations, temporarily disabling them can minimize potential attack vectors until a patch or updated firmware is applied.