Taiwanese company Moxa has released a security update to address critical security flaws affecting PT switches that allow attackers to bypass authentication guarantees.
The vulnerability tracked as CVE-2024-12297 is assigned a CVSS V4 score of 9.2 out of 10.0.
“Several MOXA PT switches are vulnerable to authentication bypass due to flawed authentication mechanisms,” the company said in an advisory released last week.
“Despite client-side and backend server validation, attackers can take advantage of the weaknesses of their implementation. This vulnerability allows brute force attacks to infer valid credentials or MD5 collision attacks to build authentication hashs, which could undermine the security of the device.”
In other words, successful exploitation of shortcomings can lead to authentication bypassing, which can lead to attackers gain unauthorized access to confidential configurations or destroy services.
The defect affects the next version –
PT-508 series (Firmware version 3.8 or earlier) PT-510 series (Firmware version 3.8 or earlier) PT-7528 series (Firmware version 5.0 or earlier) PT-7728 series (Firmware version 3.9 or earlier) PT-7828 series (Firmware version 4.0 or earlier) series (Firmware version 6.5 or earlier) and PT-G7828 series (Firmware version 6.5 or earlier)
Vulnerability patches can be obtained by contacting the MOXA Technical Support Team. The company evaluated Artem Turyshev from Moscow-based Rosatom Automated Control Systems (RASU) to report the vulnerability.
Outside of applying the latest fixes, businesses using affected products use firewalls or access control lists (ACLs) to restrict network access, perform network segmentation, minimize direct exposure to the Internet, implement multi-factor authentication (MFA) to access critical systems, enable event logging, and monitor network traffic and device behavior.
Please note that in mid-January 2025, Moxa resolved the same vulnerability on the Ethernet switch EDS-508A series, running firmware version 3.11 or earlier.
This development allows privilege escalation and command execution within just over two months after MOXA deployed patches for two security vulnerabilities affecting cellular routers, secured actors, and network security appliances (CVE-2024-9138 and CVE-2024-9140).
Last month we addressed multiple altitude flaws affecting various switches (CVE-2024-7695, CVE-2024-9404, and CVE-2024-9137).
Source link
