Mar 11, 2025Ravie LakshmananICS Security / Vulnerability

Taiwanese company Moxa has recently released a security update to address a critical security flaw impacting its PT switches, which could potentially allow an attacker to bypass authentication guarantees.

The vulnerability, tracked as CVE-2024-12297, has been assigned a CVSS v4 score of 9.2 out of a maximum of 10.0, indicating a high level of severity.

According to the company’s advisory, “Multiple Moxa PT switches are vulnerable to an authentication bypass due to flaws in their authorization mechanism.” The company further explained that despite client-side and back-end server verification, attackers can exploit weaknesses in its implementation, potentially enabling brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes, compromising the security of the device.

Successful exploitation of this vulnerability could lead to an authentication bypass, allowing an attacker to gain unauthorized access to sensitive configurations or disrupt services.

The affected products include:

• PT-508 Series (Firmware version 3.8 and earlier)
• PT-510 Series (Firmware version 3.8 and earlier)
• PT-7528 Series (Firmware version 5.0 and earlier)
• PT-7728 Series (Firmware version 3.9 and earlier)
• PT-7828 Series (Firmware version 4.0 and earlier)
• PT-G503 Series (Firmware version 5.3 and earlier)
• PT-G510 Series (Firmware version 6.5 and earlier)
• PT-G7728 Series (Firmware version 6.5 and earlier)
• PT-G7828 Series (Firmware version 6.5 and earlier)

Patches for the vulnerability can be obtained by contacting the Moxa Technical Support team. The company credited Artem Turyshev from Moscow-based Rosatom Automated Control Systems (RASU) for reporting the vulnerability.

In addition to applying the latest fixes, companies using the affected products are recommended to restrict network access using firewalls or access control lists (ACLs), enforce network segmentation, minimize direct exposure to the internet, implement multi-factor authentication (MFA) for accessing critical systems, enable event logging, and monitor network traffic and device behavior for unusual activities.

It is worth noting that Moxa resolved the same vulnerability in the Ethernet switch EDS-508A Series, running firmware version 3.11 and earlier, back in mid-January 2025.

The development comes a little over two months after Moxa rolled out patches for two security vulnerabilities impacting its cellular routers, secure routers, and network security appliances (CVE-2024-9138 and CVE-2024-9140) that could allow privilege escalation and command execution.

Last month, it also addressed multiple high-severity flaws affecting various switches (CVE-2024-7695, CVE-2024-9404, and CVE-2024-9137) that could result in a denial-of-service (DoS) attack, or command execution.