Moxa CVE-2024-7695: Out-of-bounds Write Vulnerability in Multiple EDS, ICS, IKS, and SDS Switches
Plan PatchCVSS 8.7MPSA-240163Feb 7, 2025
Moxa
Summary
Multiple Moxa EDS, ICS, IKS, and SDS switches contain an out-of-bounds write vulnerability (CWE-787) caused by insufficient input validation. An attacker can send a crafted input that writes data beyond the buffer boundary, triggering a denial-of-service condition and crashing the switch. The vulnerability is remotely exploitable without authentication and affects network continuity of industrial control systems.
What this means
What could happen
An attacker on the network could exploit insufficient input validation in Moxa industrial switches to corrupt memory and crash the device, causing network outages and halting connected processes or equipment.
Who's at risk
Water utilities, electric utilities, and municipalities operating Moxa EDS, ICS, IKS, or SDS managed industrial switches in their SCADA networks, field control stations, and remote terminal units should evaluate their exposure. Any facility relying on these switches for process control or RTU connectivity is at risk if the devices are accessible from untrusted networks.
How it could be exploited
An attacker with network access to the switch sends a malformed input that exceeds the buffer size. The out-of-bounds write overwrites adjacent memory, triggering a denial-of-service condition that crashes the switch. No authentication is required.
Prerequisites
- Network access to the affected Moxa switch (typically port 502 for Modbus or management ports)
- No valid credentials needed
- Device must be reachable from the attacker's network
remotely exploitableno authentication requiredlow complexity attackhigh CVSS score (7.5–8.7)no patch availableaffects network availability critical to industrial operations
Exploitability
Unlikely to be exploited — EPSS score 0.3%
Affected products (1)
ProductAffected VersionsFix Status
SDS SwitchesAll versionsNo fix (EOL)
Remediation & Mitigation
0/3
Do now
0/1WORKAROUNDRestrict network access to affected Moxa switches using firewall rules—allow management and operational traffic only from authorized engineering workstations and control systems
Mitigations - no patch available
0/2SDS Switches has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGImplement network segmentation to isolate affected SDS switches from public-facing and untrusted networks
HARDENINGMonitor for unexpected traffic patterns to the affected switches; alert on connections from unauthorized sources
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/e863f64c-c140-4c87-84fe-b45f0a00ad58Get OT security insights every Tuesday
Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.