Moxa CVE-2024-7695: Out-of-bounds Write Vulnerability in Multiple EDS, ICS, IKS, and SDS Switches

Plan Patch8.7MPSA-240163Feb 7, 2025

Summary

An out-of-bounds write vulnerability in Moxa EDS, ICS, IKS, and SDS switches is caused by insufficient input validation. Attackers can send malformed network traffic to trigger a buffer overflow that overwrites memory beyond the intended boundaries. Successful exploitation leads to a denial-of-service condition where the switch crashes and ceases to forward traffic, disrupting connectivity to connected industrial equipment. The vulnerability is remotely exploitable without authentication. Unauthenticated attackers on the network can trigger the crash with specially crafted packets.

What this means

What could happen

An attacker can remotely crash the affected Moxa switches by sending malformed traffic, causing a denial-of-service that interrupts network connectivity to connected equipment like PLCs, sensors, and remote sites.

Who's at risk

Water utilities and electric utilities using Moxa EDS, ICS, IKS, or SDS managed switches for network connectivity in control systems. Any facility relying on these switches to connect remote terminal units (RTUs), programmable logic controllers (PLCs), or SCADA systems to the central monitoring network is affected.

How it could be exploited

An attacker sends specially crafted packets to the vulnerable switch over the network. The insufficient input validation allows the malicious data to write beyond the buffer's bounds in the switch's memory, causing the device to crash and stop forwarding traffic.

Prerequisites

Network access to the affected Moxa switch on its network ports
No credentials required
No special network configuration needed

remotely exploitableno authentication requiredlow complexityhigh CVSS score (8.7)no patch availabledenial-of-service impact on operations

Exploitability

Low exploit probability (EPSS 0.2%)

Affected products (1)

ProductAffected VersionsFix Status

SDS SwitchesAll versionsNo fix (EOL)

Remediation & Mitigation

0/3

Do now

0/2

HARDENINGApply network segmentation: place affected Moxa switches behind a firewall and restrict access to engineering personnel only. Do not expose them directly to untrusted networks.

HARDENINGMonitor affected switches for unexpected crashes or reboots that may indicate exploitation attempts.

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXContact Moxa to request firmware patches or workarounds, as no fix is currently available for SDS Switches.

CVEs (1)

CVE-2024-7695

View full Moxa Security advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/e863f64c-c140-4c87-84fe-b45f0a00ad58