Moxa EDS Ethernet Switches
Monitor · 7.5 · ICS-CERT ICSA-19-353-01 · Dec 19, 2019
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
A denial-of-service vulnerability (CWE-400) in the Moxa EDS Ethernet switch series allows an attacker to send crafted packets that cause the target device to go out of service. Affected firmware versions are 6.0 and earlier on EDS-G508E, EDS-G516E, and EDS-G512E models. No public exploit is known. Moxa has developed a patch, available through Technical Support.
What this means
What could happen
An attacker could disrupt network connectivity on affected Moxa switches, causing them to go out of service and potentially interrupting communication to critical devices on your network or water/power distribution systems.
Who's at risk
Water utilities and electric utilities that operate Moxa EDS-G508E, EDS-G516E, or EDS-G512E Ethernet switches for interconnecting PLCs, remote terminal units (RTUs), and SCADA servers. These switches are commonly used as industrial network infrastructure in treatment plants, pump stations, and substations.
How it could be exploited
An attacker on the network can send crafted packets to the switch that cause a denial of service condition. The attack requires only network reachability to the switch; no credentials or authentication are needed.
Prerequisites
- Network access to the affected Moxa switch on a port where it listens for management or data traffic
- No authentication required
Remotely exploitable · No authentication required · Low attack complexity · No patch currently available · Could disrupt critical infrastructure operations
Exploitability
Low exploit probability (EPSS 0.6%)
Affected products (3)
3 pending
| Product | Affected Versions | Fix Status |
|---|---|---|
| EDS-G508E Series: Firmware | ≤ 6.0 | No fix yet |
| EDS-G516E Series: Firmware | ≤ 6.0 | No fix yet |
| EDS-G512E Series: Firmware | ≤ 6.0 | No fix yet |
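To find which devices in an asset inventory fall inside the affected range listed above, the following added example (not part of the advisory or any Moxa tooling) matches model and firmware fields against the three series and the 6.0 ceiling. The CSV layout, hostnames, model suffixes and firmware string formats are assumptions made for illustration.

```python
import csv
import io
import re

# From the advisory: affected series and the highest affected firmware version.
AFFECTED_SERIES = ("EDS-G508E", "EDS-G516E", "EDS-G512E")
MAX_AFFECTED = (6, 0)

# Constructed sample inventory; hostnames, model suffixes and version
# string formats are assumptions, not values from the advisory.
SAMPLE_INVENTORY = """hostname,model,firmware
sw-pump-01,EDS-G508E,v6.0
sw-pump-02,EDS-G516E-4GSFP,5.2 Build 17031513
sw-sub-01,EDS-G512E-8PoE,V6.1
sw-office-01,GENERIC-SW-24,3.8
sw-plant-09,eds-g508e,unknown
"""

def parse_version(text):
    """Return (major, minor) from strings like 'v6.0' or '5.2 Build 1703', else None."""
    m = re.search(r"(\d+)\.(\d+)", text)
    return (int(m.group(1)), int(m.group(2))) if m else None

def classify(model, firmware):
    """Return 'affected', 'not_listed', or 'review' (firmware version unreadable)."""
    name = model.strip().upper()
    # Match the series name exactly or followed by a variant suffix.
    if not any(name == s or name.startswith(s + "-") for s in AFFECTED_SERIES):
        return "not_listed"
    version = parse_version(firmware)
    if version is None:
        return "review"  # affected series, firmware unknown: check by hand
    return "affected" if version <= MAX_AFFECTED else "not_listed"

def audit(inventory_csv):
    """Map each hostname in the CSV text to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["hostname"]: classify(r["model"], r["firmware"]) for r in rows}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as `review` belong to an affected series but have no readable firmware version, so they should be treated as affected until confirmed otherwise.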
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to affected Moxa switches using firewall rules; allow traffic only from authorized engineering workstations and management systems
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Contact Moxa Technical Support to obtain and deploy the security patch for affected firmware versions
Long-term hardening
HARDENING: Segment your control system network from the business network using a firewall or network switch; do not allow direct routing from office or guest networks to devices connected to Moxa switches
HARDENING: If remote access to the switch is required, use a VPN or out-of-band management channel (e.g., serial console) instead of direct network access
CVEs (1)