Moxa PT-7728 Series Switch Improper Authorization Vulnerability
Monitor | 7.7 | ICS-CERT ICSA-16-168-01 | Mar 20, 2016
Attack Vector: Network
Auth Required: Low
Complexity: High
User Interaction: None needed
Summary
Moxa PT-7728 Series switches contain an improper authorization vulnerability (CWE-285) that allows users with valid credentials to escalate privileges and access administrative functions without requiring administrative credentials. The vulnerability affects PT-7728 firmware version 3.4_build_15081113. An attacker with standard user-level access to the switch management interface could exploit authorization flaws to gain administrator-level control over the device.
What this means
What could happen
A user with limited network access credentials could gain higher-level control of the PT-7728 switch, potentially allowing them to modify network configuration, intercept traffic, or disrupt communication between critical control devices.
Who's at risk
Water utilities and electric cooperatives using Moxa PT-7728 switches in industrial networks for connecting PLCs, RTUs, HMIs, and SCADA systems. Any organization with these switches in mission-critical control network infrastructure should prioritize this assessment.
How it could be exploited
An attacker with valid user-level credentials could log into the PT-7728 switch via the web interface or command-line interface and exploit improper authorization checks to access administrative functions without requiring admin credentials. This allows privilege escalation from standard user to administrator level.
Prerequisites
- Valid user-level credentials for PT-7728 switch
- Network access to switch management interface (web UI or SSH/Telnet)
- Knowledge of administrative functions available for exploitation
remotely exploitable, requires valid credentials, affects network infrastructure device, no patch available, privilege escalation
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
Product | Affected Versions | Fix Status
PT-7728 Series: 3.4_build_15081113 | 3.4 build 15081113 | No fix (EOL)
Remediation & Mitigation
Do now
- WORKAROUND: Restrict network access to PT-7728 management interface using firewall rules; limit access to authorized engineering workstations and maintenance networks only
- HARDENING: Enforce strong authentication for all user accounts on PT-7728 switches
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Monitor access logs for PT-7728 switches to detect unauthorized administrative activity or failed privilege escalation attempts
Mitigations - no patch available
PT-7728 Series: 3.4_build_15081113 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Implement network segmentation to isolate PT-7728 switches on a protected segment separate from untrusted networks
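One way to act on the log-monitoring and access-restriction items above, as an added example (not part of the advisory or any Moxa tooling): a Python check that flags administrative actions performed by non-admin accounts and management sessions from outside an authorized subnet. The log format, account names and subnet are assumptions constructed for illustration; the PT-7728's real log output will differ and the regex must be adapted to it.

```python
import ipaddress
import re

# Assumptions, not from the advisory: account names, the authorized subnet, and
# this normalized log format. Real PT-7728 syslog output will differ.
ADMIN_ACCOUNTS = {"admin"}
AUTHORIZED_NETS = [ipaddress.ip_network("10.20.30.0/28")]
ADMIN_ACTIONS = {"config_change", "firmware_upload", "account_modify", "reboot"}
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) user=(?P<user>\S+) "
                     r"src=(?P<src>\S+) event=(?P<event>\S+) result=(?P<result>\S+)$")

# Constructed sample events for illustration only.
SAMPLE_LOG = """\
2024-01-15T08:01:12Z sw1 user=admin src=10.20.30.5 event=login result=ok
2024-01-15T08:02:40Z sw1 user=admin src=10.20.30.5 event=config_change result=ok
2024-01-15T09:15:59Z sw1 user=operator src=10.20.30.7 event=account_modify result=ok
2024-01-15T09:40:21Z sw1 user=operator src=10.20.30.7 event=reboot result=denied
2024-01-15T11:05:44Z sw1 user=admin src=192.168.50.9 event=login result=ok
truncated line with no fields
"""

def src_authorized(src):
    """True only if src parses as an IP inside an authorized management subnet."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source is treated as unauthorized
    return any(addr in net for net in AUTHORIZED_NETS)

def analyze(log_text):
    """Return (severity, reason, raw_line) findings for one switch's log text."""
    findings = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        m = LINE_RE.match(line)
        if not m:
            findings.append(("info", "unparsed_line", line))  # never drop silently
            continue
        if not src_authorized(m["src"]):
            findings.append(("high", "mgmt_access_from_unauthorized_source", line))
        if m["event"] in ADMIN_ACTIONS and m["user"] not in ADMIN_ACCOUNTS:
            if m["result"] == "ok":  # admin function succeeded for a non-admin
                findings.append(("critical", "admin_action_by_non_admin", line))
            else:
                findings.append(("medium", "denied_admin_attempt", line))
    return findings

if __name__ == "__main__":
    for severity, reason, line in analyze(SAMPLE_LOG):
        print(f"[{severity}] {reason}: {line}")
```

A successful administrative event from an account outside the admin set is the symptom of the authorization flaw described in the summary, so it is rated above a denied attempt.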
CVEs (1)