Introduction
Moxa, a Taiwanese industrial networking solutions provider, has released a security update to address a critical authentication bypass vulnerability affecting its PT series switches. The flaw, identified as CVE-2024-12297, has received a CVSS v4 score of 9.2 out of 10. This vulnerability could allow attackers to bypass authentication mechanisms, potentially leading to unauthorized access and service disruption.
Authentication Bypass Vulnerability
Moxa has confirmed that multiple PT switch models contain weaknesses in their authorization mechanisms, making them susceptible to authentication bypass. Despite implementing client-side and back-end server verification, attackers can exploit these flaws using brute-force techniques to guess valid credentials or MD5 collision attacks to forge authentication hashes. Successful exploitation could lead to unauthorized access to sensitive configurations or disruption of network services.
Affected Products
The vulnerability impacts several Moxa PT switch models running specific firmware versions:
PT-508 Series (Firmware version 3.8 and earlier)
PT-510 Series (Firmware version 3.8 and earlier)
PT-7528 Series (Firmware version 5.0 and earlier)
PT-7728 Series (Firmware version 3.9 and earlier)
PT-7828 Series (Firmware version 4.0 and earlier)
PT-G503 Series (Firmware version 5.3 and earlier)
PT-G510 Series (Firmware version 6.5 and earlier)
PT-G7728 Series (Firmware version 6.5 and earlier)
PT-G7828 Series (Firmware version 6.5 and earlier)
Security Updates and Recommendations
To mitigate the risk associated with CVE-2024-12297, Moxa has urged users of the affected products to apply the latest firmware updates, which can be obtained through Moxa’s Technical Support team. The company has credited Artem Turyshev from Rosatom Automated Control Systems (RASU) for discovering and reporting the vulnerability.
In addition to applying the patches, Moxa recommends that organizations enhance their security posture by implementing the following measures:
Restrict network access using firewalls or access control lists (ACLs).
Enforce network segmentation to limit exposure.
Minimize direct internet exposure of affected devices.
Implement multi-factor authentication (MFA) for accessing critical systems.
Enable event logging to track unusual activities.
Continuously monitor network traffic and device behavior for signs of compromise.
Related Security Patches
Moxa had previously addressed the same vulnerability in the Ethernet switch EDS-508A Series running firmware version 3.11 and earlier, releasing a fix in January 2025. Additionally, in recent months, the company has released patches for multiple security flaws in its cellular routers, secure routers, and network security appliances. These include:
CVE-2024-9138 and CVE-2024-9140: Allowed privilege escalation and command execution.
CVE-2024-7695, CVE-2024-9404, and CVE-2024-9137: High-severity vulnerabilities that could result in denial-of-service (DoS) attacks or remote command execution.
Conclusion
Moxa’s prompt response to addressing CVE-2024-12297 underscores the importance of continuous security improvements in industrial networking equipment. Organizations using the affected PT switches should prioritize updating their firmware and implementing recommended security practices to safeguard their networks against potential exploitation. Regular security assessments and proactive monitoring remain crucial in mitigating the risks associated with evolving cyber threats.
0 Comments