Critical Vulnerabilities in Moxa Switches Enable Unauthorized Access

A critical vulnerability identified as CVE-2024-12297 has been discovered in Moxa’s PT series of network switches, affecting multiple models across different product lines.

This security flaw involves an authorization logic disclosure that can be exploited to bypass authentication mechanisms, allowing malicious actors to gain unauthorized access to sensitive configurations, potentially disrupting network services.

The vulnerability, classified as CWE-656: Reliance on Security Through Obscurity, enables attackers to bypass client-side and backend server verification processes despite existing security measures.

Exploitation can lead to brute-force attacks aimed at guessing valid credentials or leveraging MD5 collision attacks to forge authentication hashes, thereby compromising device security.

Identified Vulnerability Type and Potential Impact

Item	Vulnerability Type	Impact
1	CWE-656: Reliance on Security Through Obscurity (CVE-2024-12297)	Exploitation could allow attackers to bypass authentication, perform brute-force or MD5 collision attacks, and gain unauthorized access to sensitive configurations or disrupt services.

The vulnerability identified in Moxa’s PT switches, CVE-2024-12297, carries significant severity. Its scoring details highlight the critical nature of this threat.

According to the Common Vulnerability Scoring System (CVSS) version 4.0, this vulnerability has a base score of 9.2, indicating high severity. The vector for this score is AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L.

This breaks down into various factors such as Attack Vector (AV), Attack Complexity (AC), and Privileges Required (PR). Specifically, an attacker can exploit this vulnerability remotely (AV:N) with low complexity (AC:L), requiring no user interaction (UI:N), and no privileges (PR:N).

The vulnerability allows high potential impact in terms of confidentiality, integrity, and availability (VC, VI, VA all set to High), but the scope for changing those impacts is limited (SC:L).

The impact on system integrity and availability is also limited (SI:L), and there is no significant scope for amplifying these impacts (SA:L).

Affected Products and Solutions

Affected Products

Product Series	Affected Versions
PT-508 Series	Firmware version 3.8 and earlier
PT-510 Series	Firmware version 3.8 and earlier
PT-7528 Series	Firmware version 5.0 and earlier
PT-7728 Series	Firmware version 3.9 and earlier
PT-7828 Series	Firmware version 4.0 and earlier
PT-G503 Series	Firmware version 5.3 and earlier
PT-G510 Series	Firmware version 6.5 and earlier
PT-G7728 Series	Firmware version 6.5 and earlier
PT-G7828 Series	Firmware version 6.5 and earlier

In addition to applying the product-specific solutions, users are advised to follow general security recommendations to enhance the security posture of their networks.

Regular updates and checks for patches are crucial in preventing the exploitation of such vulnerabilities.

This advisory serves as a call to action for both Moxa and its customers to ensure timely mitigation of the identified risks, protecting against potential malicious activities.

Users of the affected Moxa products should prioritize contacting Moxa Technical Support to obtain the necessary security patches.

Are you from SOC/DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free.