Moxa CVE-2024-7695: Out-of-bounds Write Vulnerability Identified in Multiple PT Switches

Plan PatchCVSS 8.7MPSA-240162Jan 29, 2025

Moxa

Summary

Multiple Moxa PT switches are affected by an out-of-bounds write vulnerability (CVE-2024-7695) caused by insufficient input validation. Attackers can send specially crafted packets to overwrite memory beyond the buffer's bounds, leading to denial-of-service conditions and system shutdown. The vulnerability is remotely exploitable without authentication. Moxa has indicated no firmware patch will be released for affected versions.

What this means

What could happen

An attacker could remotely crash a Moxa PT switch by exploiting an out-of-bounds write vulnerability, causing denial of service and disrupting network communications for connected industrial equipment.

Who's at risk

Water utilities, electric distribution operators, and other industrial facilities relying on Moxa PT switches for network communication between PLCs, RTUs, remote terminals, and supervisory systems should treat this as a priority concern, especially if those switches are connected to external-facing networks or management VLANs.

How it could be exploited

An attacker sends a specially crafted network packet to a PT switch with insufficient input validation. The packet causes data to be written beyond the buffer's bounds, corrupting memory and crashing the device. No authentication is required, and the attack works over the network from any accessible location.

Prerequisites

Network-layer access to the PT switch (typically port 502 or other industrial protocol ports)
The switch exposed to or reachable from the attacker's network

remotely exploitableno authentication requiredlow complexityno patch availableaffects critical network infrastructure

Exploitability

Unlikely to be exploited — EPSS score 0.3%

Affected products (1)

ProductAffected VersionsFix Status

Multiple PT SwitchesAll versionsNo fix (EOL)

Remediation & Mitigation

0/4

Do now

0/2

WORKAROUNDRestrict network access to affected PT switches using firewall rules—only permit connections from trusted engineering workstations and control systems on the same network segment

HARDENINGIsolate PT switches to a dedicated, air-gapped network segment if possible to reduce attack surface exposure

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGMonitor traffic to and from PT switches for unusual patterns or unexpected connection attempts

Mitigations - no patch available

0/1

Multiple PT Switches has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGContact Moxa support to inquire about end-of-life timeline and recommended alternative switch models with active security support

CVEs (1)

CVE-2024-7695

View full Moxa Security advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/4544bc45-0288-4812-896d-b5da16e76b27

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.