Moxa Industrial Managed Switch Vulnerabilities

Low RiskICS-CERT ICSA-15-246-03Jun 6, 2015

Summary

Moxa EDS-405A and EDS-408A series managed Ethernet switches contain an authorization flaw (CWE-269) that allows an attacker to gain unauthorized administrative access to the switch management interface without valid credentials. An attacker with network access could exploit insufficient access controls to execute arbitrary administrative commands on the switch. Moxa has not planned to release a firmware patch for this product line.

What this means

What could happen

An attacker with network access could gain unauthorized administrative control of the managed switch, allowing them to alter network configuration, redirect traffic, or disrupt connectivity to connected devices and sensors.

Who's at risk

Manufacturing facilities and utilities operating Moxa EDS-405A/EDS-408A managed Ethernet switches for industrial network connectivity should evaluate this risk. These switches are commonly used in manufacturing plants, water systems, and power distribution to provide managed connectivity for PLCs, RTUs, sensors, and other field devices.

How it could be exploited

An attacker on the network could access the switch's management interface (web GUI or Telnet) without proper authentication due to insufficient access controls, then execute administrative commands to modify switch settings or enable further network-level attacks.

Prerequisites

Network access to the switch management interface (typically TCP 80, 443, or 23)
No valid credentials required (authentication bypass)

Remotely exploitableNo authentication requiredNo fix planned by vendorAffects network infrastructure critical to operations

Exploitability

Low exploit probability (EPSS 0.3%)

Affected products (1)

ProductAffected VersionsFix Status

Moxa EDS-405A/EDS-408A series managed Ethernet switches: <=firmware_V3.4_build_14031419≤ firmware V3.4 build 14031419No fix (EOL)

Remediation & Mitigation

0/4

Do now

0/3

HARDENINGRestrict network access to the switch management interface using firewall rules; allow only authorized engineering workstations to reach the switch on management ports (80, 443, 23)

HARDENINGDisable Telnet and use SSH only for remote management if the switch supports it

HARDENINGIf available, change default administrative credentials and enforce strong passwords on the management account

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGMonitor switch configuration changes and access logs for unauthorized modifications

CVEs (1)

CVE-2015-6464

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/0078d733-5fb3-4e4c-8987-da36c9917b40