A critical vulnerability identified as CVE-2024-12297 has been discovered in Moxa’s PT series of network switches, affecting multiple models across different product lines.
This security flaw involves an authorization logic disclosure that can be exploited to bypass authentication mechanisms, allowing malicious actors to gain unauthorized access to sensitive configurations, potentially disrupting network services.
The vulnerability, classified as CWE-656: Reliance on Security Through Obscurity, enables attackers to bypass client-side and backend server verification processes despite existing security measures.
Exploitation can lead to brute-force attacks aimed at guessing valid credentials or leveraging MD5 collision attacks to forge authentication hashes, thereby compromising device security.
Identified Vulnerability Type and Potential Impact
Item | Vulnerability Type | Impact |
1 | CWE-656: Reliance on Security Through Obscurity (CVE-2024-12297) | Exploitation could allow attackers to bypass authentication, perform brute-force or MD5 collision attacks, and gain unauthorized access to sensitive configurations or disrupt services. |
The vulnerability identified in Moxa’s PT switches, CVE-2024-12297, carries significant severity. Its scoring details highlight the critical nature of this threat.
According to the Common Vulnerability Scoring System (CVSS) version 4.0, this vulnerability has a base score of 9.2, indicating high severity. The vector for this score is AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L.
This breaks down into various factors such as Attack Vector (AV), Attack Complexity (AC), and Privileges Required (PR). Specifically, an attacker can exploit this vulnerability remotely (AV:N) with low complexity (AC:L), requiring no user interaction (UI:N), and no privileges (PR:N).
The impact on the vulnerable system itself is high for confidentiality, integrity, and availability (VC, VI, VA all set to High).
The impact on subsequent systems is low for confidentiality (SC:L), integrity (SI:L), and availability (SA:L).
Affected Products and Solutions
Affected Products
Product Series | Affected Versions |
PT-508 Series | Firmware version 3.8 and earlier |
PT-510 Series | Firmware version 3.8 and earlier |
PT-7528 Series | Firmware version 5.0 and earlier |
PT-7728 Series | Firmware version 3.9 and earlier |
PT-7828 Series | Firmware version 4.0 and earlier |
PT-G503 Series | Firmware version 5.3 and earlier |
PT-G510 Series | Firmware version 6.5 and earlier |
PT-G7728 Series | Firmware version 6.5 and earlier |
PT-G7828 Series | Firmware version 6.5 and earlier |
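The table above can be applied directly to a device inventory. The following is an added example, not code from Moxa or from the original article; the inventory entries and model suffixes are constructed, and it assumes firmware versions are dotted numeric strings and that a model name begins with its series name.

```python
# Added example: triage a device inventory against the affected-versions table.
# Highest affected firmware version per series, copied from the table above.
AFFECTED_MAX = {
    "PT-508": "3.8", "PT-510": "3.8", "PT-7528": "5.0",
    "PT-7728": "3.9", "PT-7828": "4.0", "PT-G503": "5.3",
    "PT-G510": "6.5", "PT-G7728": "6.5", "PT-G7828": "6.5",
}

def parse_version(text):
    """'v3.10' -> (3, 10): compare numerically, never as a float or string."""
    return tuple(int(p) for p in text.strip().lower().lstrip("v").split("."))

def at_or_below(current, limit):
    """Zero-pad to equal length so 6.5.0 equals 6.5 instead of exceeding it."""
    width = max(len(current), len(limit))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(current) <= pad(limit)

def series_of(model):
    """Assumption: a model name is the series name, optionally plus '-suffix'."""
    name = model.strip().upper()
    for series in AFFECTED_MAX:
        if name == series or name.startswith(series + "-"):
            return series
    return None

def triage(model, firmware):
    """Return 'affected', 'outside-range', 'not-listed' or 'unknown-version'."""
    series = series_of(model)
    if series is None:
        return "not-listed"
    try:
        current = parse_version(firmware)
    except ValueError:
        return "unknown-version"  # unparsable string: verify on the device
    limit = parse_version(AFFECTED_MAX[series])
    return "affected" if at_or_below(current, limit) else "outside-range"

# Constructed sample inventory (model suffixes and versions are made up).
INVENTORY = [
    ("PT-7528-EXAMPLE", "5.0"), ("PT-508-EXAMPLE", "3.10"),
    ("PT-G7728", "v6.5.0"), ("XY-100", "1.0"), ("PT-510-EXAMPLE", "n/a"),
]

def report(inventory=INVENTORY):
    return [(model, fw, triage(model, fw)) for model, fw in inventory]

if __name__ == "__main__":
    for row in report():
        print("%-18s %-8s %s" % row)
```

A result of `outside-range` only means the firmware is newer than the versions listed in the table; it should still be confirmed against the vendor's patch information.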
In addition to applying the product-specific solutions, users are advised to follow general security recommendations to enhance the security posture of their networks.
Regular updates and checks for patches are crucial in preventing the exploitation of such vulnerabilities.
This advisory serves as a call to action for both Moxa and its customers to ensure timely mitigation of the identified risks, protecting against potential malicious activities.
Users of the affected Moxa products should prioritize contacting Moxa Technical Support to obtain the necessary security patches.