Taiwanese company Moxa has released a security update to address a critical security flaw impacting its PT switches that could permit an attacker to bypass authentication guarantees.
The vulnerability, tracked as CVE-2024-12297, has been assigned a CVSS v4 score of 9.2 out of a maximum of 10.0.
“Multiple Moxa PT switches are vulnerable to an authentication bypass because of flaws in their authorization mechanism,” the company said in an advisory released last week.
Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
“Despite client-side and back-end server verification, attackers can exploit weaknesses in its implementation. This vulnerability may enable brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes, potentially compromising the security of the device.”
Successful exploitation of the shortcoming, in other words, could lead to an authentication bypass and allow an attacker to gain unauthorized access to sensitive configurations or disrupt services.
The flaw impacts the following versions –
- PT-508 Series (Firmware version 3.8 and earlier)
- PT-510 Series (Firmware version 3.8 and earlier)
- PT-7528 Series (Firmware version 5.0 and earlier)
- PT-7728 Series (Firmware version 3.9 and earlier)
- PT-7828 Series (Firmware version 4.0 and earlier)
- PT-G503 Series (Firmware version 5.3 and earlier)
- PT-G510 Series (Firmware version 6.5 and earlier)
- PT-G7728 Series (Firmware version 6.5 and earlier), and
- PT-G7828 Series (Firmware version 6.5 and earlier)
Patches for the vulnerability can be obtained by contacting the Moxa Technical Support team. The company credited Artem Turyshev from Moscow-based Rosatom Automated Control Systems (RASU) for reporting the vulnerability.
Outside apply the latest fixes, companies using the affected products are recommended to restrict network access using firewalls or access control lists (ACLs), enforce network segmentation, minimize direct exposure to the internet, implement multi-factor authentication (MFA) for accessing critical systems, enable event logging, and monitor network traffic and device behavior for unusual activities.
It’s worth noting that Moxa resolved the same vulnerability in the Ethernet switch EDS-508A Series, running firmware version 3.11 and earlier, back in mid-January 2025.
The development comes a little over two months after Moxa rolled out patches for two security vulnerabilities impacting its cellular routers, secure routers, and network security appliances (CVE-2024-9138 and CVE-2024-9140) that could allow privilege escalation and command execution.
Last month, it also addressed multiple high-severity flaws affecting various switches (CVE-2024-7695, CVE-2024-9404, and CVE-2024-9137) that could result in a denial-of-service (DoS) attack, or command execution.
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
Some parts of this article are sourced from:
thehackernews.com
CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List