OTPulse

Moxa EDS-G516E and EDS-510E Series Ethernet Switches

Act Now | CVSS 9.8 | ICS-CERT ICSA-20-056-04 | Feb 25, 2020
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Moxa EDS-G516E and EDS-510E Series Ethernet switches contain multiple critical vulnerabilities in firmware version 5.2 and earlier. These include buffer overflow (CWE-121, CWE-120), weak cryptography (CWE-327), hardcoded credentials (CWE-798), and plaintext transmission (CWE-319). An attacker on the network can exploit these flaws without credentials to crash the device, execute arbitrary code, or access sensitive configuration data.

What this means
What could happen
An attacker with network access to these Ethernet switches could crash the device, execute arbitrary code to alter network traffic or disable switching functions, or extract sensitive configuration data. This would disrupt communication between field devices and control systems in your network.
Who's at risk
Water utilities and municipalities using Moxa EDS-G516E or EDS-510E series Ethernet switches in their control networks should act immediately. These switches are commonly used to connect PLCs, SCADA servers, field instrumentation, and remote terminal units (RTUs). If a switch fails or is compromised, communication between your control center and field devices will be disrupted.
How it could be exploited
An attacker on the network sends a specially crafted packet to the switch's management interface. The switch contains buffer overflow and weak cryptography flaws that allow the attacker to run code on the device without credentials. Once running code on the switch, the attacker can intercept traffic, disable the device, or establish persistence.
Prerequisites
  • Network access to the EDS-G516E or EDS-510E switch
  • Device firmware version 5.2 or earlier
  • No authentication required
  • Remotely exploitable without authentication
  • Low complexity attack
  • High CVSS score (9.8)
  • No patch currently available for EDS-510E
  • Affects network infrastructure layer used by critical systems
  • Default or weak credentials may be present
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (2)
1 pending, 1 EOL
Product | Affected Versions | Fix Status
EDS-G516E Series firmware | ≤ 5.2 | No fix yet
EDS-510E Series firmware | ≤ 5.2 | No fix (EOL)
Remediation & Mitigation
Do now
  • WORKAROUND: Enable password protection on the configuration file using the Configuration File Encryption setting.
  • WORKAROUND: Enable HTTPS on the management interface instead of HTTP.
  • WORKAROUND: Enable Account Login Failure Lockout function to prevent brute-force attacks on administrative access.
  • HARDENING: Restrict network access to the switch's management port using firewall rules; only allow trusted administrative IP addresses.
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: For EDS-G516E: Download and install the latest firmware from Moxa as soon as a patched version is available.
  • HOTFIX: For EDS-510E: Contact Moxa Technical Support immediately to request a patched firmware version.
Mitigations - no patch available
EDS-510E Series firmware has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
  • HARDENING: Isolate the Ethernet switch on a separate management network segment, separate from both the field network and the corporate business network.
  • HARDENING: Implement network segmentation and ensure the switch is not directly reachable from the Internet or untrusted networks.
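
The following Python script is an added example, not part of the advisory or of any vendor tooling: it triages an asset inventory against the affected-product table and the mitigations listed above. The CSV column names, hostnames, model suffixes and firmware values in the sample are constructed assumptions.

```python
import csv
import io
import re

# Affected series and fix status, copied from the advisory's product table.
AFFECTED_SERIES = {"EDS-G516E": "No fix yet", "EDS-510E": "No fix (EOL)"}
MAX_AFFECTED_FW = (5, 2)  # firmware 5.2 and earlier

# Constructed inventory export; column names and all rows are made up.
SAMPLE_INVENTORY = """\
hostname,model,firmware,mgmt_protocol
sw-pump-01,EDS-G516E-EXAMPLE,5.2,http
sw-plant-02,EDS-510E-EXAMPLE,v5.1,https
sw-lab-03,EDS-G516E-EXAMPLE,9.9,https
sw-gate-04,EDS-510E-EXAMPLE,unknown,http
sw-misc-05,OTHER-SWITCH,1.0,http
"""

def parse_firmware(text):
    """Return (major, minor) from strings like '5.2' or 'v5.1', else None."""
    m = re.match(r"\s*v?(\d+)\.(\d+)", text, re.IGNORECASE)
    return (int(m.group(1)), int(m.group(2))) if m else None

def triage(inventory_csv):
    """Return one finding per device that matches the advisory."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        model = row["model"].strip().upper()
        series = next((s for s in AFFECTED_SERIES if model.startswith(s)), None)
        if series is None:
            continue  # not a series named in the advisory
        fw = parse_firmware(row["firmware"])
        if fw is not None and fw > MAX_AFFECTED_FW:
            continue  # newer than the affected range
        actions = []
        if fw is None:
            actions.append("firmware unknown: verify on device")
        if row["mgmt_protocol"].strip().lower() != "https":
            actions.append("enable HTTPS management")
        if series == "EDS-510E":
            actions.append("EOL: isolate on management segment")
        findings.append({"host": row["hostname"], "series": series,
                         "fix": AFFECTED_SERIES[series], "actions": actions})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        print(f["host"], f["series"], f["fix"], "; ".join(f["actions"]))
```

Devices whose firmware string cannot be parsed are kept in the findings rather than dropped, so an incomplete inventory does not hide an affected switch.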