Ddos 
Industrial networking giant Moxa has issued a high-severity security advisory urging customers to patch a wide range of Ethernet switches against a critical authentication bypass vulnerability. The flaw, tracked as CVE-2024-12297, carries a menacing CVSS 4.0 score of 9.2, putting operational networks at significant risk of unauthorized access.
The vulnerability stems from a weakness in the frontend authorization logic of the affected devices. Despite checks on both the client and server side, the implementation is flawed, leaving the door ajar for attackers.
According to the advisory, the vulnerability exposes the authorization mechanism to manipulation. “Multiple Moxa’s Ethernet switches are vulnerable to an authentication bypass because of flaws in their authorization mechanism,” the company states.
This isn’t just a theoretical risk; it opens specific attack vectors. The advisory warns that “this vulnerability may enable brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes”.
If successful, an attacker could bypass authentication entirely, potentially seizing control of the switch and the industrial traffic flowing through it.
The vulnerability impacts several series of Moxa’s industrial switches, particularly those used in rugged environments like rail and automation. The affected models include:
- TN-A Series: Firmware v4.1 and earlier
- TN-4500A Series
- TN-5500A Series
- TN-G Series: Firmware v5.5 and earlier
- TN-G4500 Series
- TN-G6500 Series
Moxa has released security patches to address the issue. Users of the TN-A, TN-4500A, and TN-5500A series should contact support for patch v3.13.255, while those on the TN-G series should request patch v5.5.255.
For organizations that cannot update immediately, Moxa recommends a defense-in-depth approach. Key mitigations include:
- “Restrict Network Access” by using firewalls and segregating operational networks with VLANs.
- “Minimize Exposure” by ensuring devices are never directly exposed to the internet.
- “Secure Remote Access” using VPNs or SSH to encrypt communications.
Given the high CVSS score and the potential for brute-force compromise, administrators are advised to prioritize this update.
Related Posts:
- Critical Vulnerability in Moxa PT Switches Allows Unauthorized Access
- CVE-2024-12297 (CVSS 9.2): Critical Authorization Vulnerability in Moxa EDS-508A Series
- CVE-2024-1086: Linux Kernel Vulnerability Impacts Numerous Moxa Products
- CVE-2024-9404: Remote DoS Vulnerability Found in Moxa Industrial Switches
- Moxa PT Switches Vulnerable to CVE-2024-9404 Denial-of-Service Attack
Donate