Moxa CVE-2024-12297: Frontend Authorization Logic Disclosure Vulnerability in EDS-508A Series

Plan Patch | CVSS 9.2 | MPSA-241407 | Jan 15, 2025
Moxa
Summary

Moxa EDS-508A Series Ethernet switches running firmware version 3.11 and earlier contain a flawed authorization mechanism that allows attackers to bypass authentication through brute-force attacks or MD5 collision attacks. The vulnerability stems from reliance on security through obscurity (CWE-656) and insufficient back-end verification of authentication credentials. Successful exploitation grants an attacker unauthorized access to device configuration, potentially allowing modification of network settings or service disruption. The vulnerability requires network access and is unauthenticated.

What this means
What could happen
An attacker could bypass authentication on Moxa EDS-508A network switches and gain unauthorized access to configuration settings, potentially allowing them to alter network traffic routing, disable the switch, or reconfigure critical industrial network segments.
Who's at risk
Water utilities and electric utilities operating industrial Ethernet switches, particularly those using Moxa EDS-508A switches for process network connectivity or SCADA system communications, should assess whether this device is on critical paths and restrict access immediately.
How it could be exploited
An attacker on the network sends crafted authentication requests to the EDS-508A management interface. Because the authorization logic is exposed on the front end and the back end does not sufficiently verify the submitted credentials, the attacker can either brute-force credentials or forge authentication hashes using MD5 collisions, bypassing login controls and reaching the device's configuration interface without valid credentials.
Prerequisites
  • Network access to the EDS-508A device management port (typically Ethernet/IP-based management interface)
  • Device is running firmware version 3.11 or earlier
  • Management interface is accessible from the attacker's network segment
Tags: remotely exploitable · no authentication required · low complexity · no patch available · affects network control infrastructure
Exploitability
Unlikely to be exploited — EPSS score 0.2%
Affected products (1)
Product | Affected Versions | Fix Status
EDS-508A Series | 3.11 and earlier | No fix yet
Remediation & Mitigation
Do now
  • HARDENING: Implement network access controls: restrict management traffic to the EDS-508A to authorized engineering workstations or a secure out-of-band management network using firewall rules.
  • WORKAROUND: Disable remote management access to the EDS-508A if it is not required for operations; configure local console management only.
  • HARDENING: Change default administrative credentials on the EDS-508A to strong, unique passwords if not already done. A strong password raises the cost of brute-force guessing but does not address the MD5 collision path described above, so restricting access to the management interface remains the primary control until a fix ships.
Schedule — requires maintenance window

Patching may require a device reboot — plan for process interruption.

  • MONITORING: Monitor authentication logs on the EDS-508A for repeated failed login attempts or unusual access patterns that may indicate brute-force attacks.
  • HOTFIX: Monitor Moxa security advisories for a fixed firmware release (later than 3.11) and apply it when available.
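The monitoring item above leaves the detection logic to the reader. The following is an added example, not code from the advisory or from Moxa: it parses syslog-style authentication records forwarded from a switch, flags a source that exceeds a failure threshold inside a sliding window, flags a success that follows recent failures from the same source (the pattern a successful brute-force leaves behind), and flags any attempt from a source outside the engineering-workstation allowlist the first hardening item establishes. The log line layout, hostnames and addresses are constructed for illustration; the real EDS-508A log format is not given on this page and must be mapped to whatever your syslog export actually produces.

```python
"""Brute-force detection over switch authentication logs (added example).

The line format below is an assumption made for this example:
    <ISO timestamp> <host> auth: login <failed|success> user=<u> src=<ip>
Adjust LINE_RE to match the real syslog output of the device.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample input: five failures then a success from one source,
# plus normal activity from an allowed engineering workstation.
SAMPLE_LOG = """\
2025-01-15T10:00:01 eds-508a-01 auth: login failed user=admin src=10.1.5.40
2025-01-15T10:00:02 eds-508a-01 auth: login failed user=admin src=10.1.5.40
2025-01-15T10:00:03 eds-508a-01 auth: login failed user=admin src=10.1.5.40
2025-01-15T10:00:04 eds-508a-01 auth: login failed user=admin src=10.1.5.40
2025-01-15T10:00:05 eds-508a-01 auth: login failed user=admin src=10.1.5.40
2025-01-15T10:00:06 eds-508a-01 auth: login success user=admin src=10.1.5.40
2025-01-15T10:02:00 eds-508a-01 auth: login success user=admin src=10.1.1.10
2025-01-15T10:30:00 eds-508a-01 auth: login failed user=admin src=10.1.1.10
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth: login (?P<result>failed|success) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line):
    """Return a dict for a recognised auth record, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=1),
                      allowed_sources=()):
    """Scan log_text in order and return a list of alert dicts.

    Alert types:
      bruteforce             - at least `threshold` failures from one source
                               within `window` (raised once per source)
      success_after_failures - a success from a source that still has
                               failures inside the window
      unexpected_source      - first attempt from a source not in
                               allowed_sources (only if an allowlist is given)
    """
    failures = defaultdict(deque)   # src -> timestamps of recent failures
    alerts = []
    flagged_bruteforce = set()
    flagged_unexpected = set()

    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue                # ignore unrelated or malformed lines
        src, ts = ev["src"], ev["ts"]

        if allowed_sources and src not in allowed_sources \
                and src not in flagged_unexpected:
            flagged_unexpected.add(src)
            alerts.append({"type": "unexpected_source", "src": src,
                           "ts": ts, "user": ev["user"]})

        recent = failures[src]
        while recent and ts - recent[0] > window:   # expire old failures
            recent.popleft()

        if ev["result"] == "failed":
            recent.append(ts)
            if len(recent) >= threshold and src not in flagged_bruteforce:
                flagged_bruteforce.add(src)
                alerts.append({"type": "bruteforce", "src": src, "ts": ts,
                               "count": len(recent), "user": ev["user"]})
        elif recent:
            alerts.append({"type": "success_after_failures", "src": src,
                           "ts": ts, "failures_before": len(recent),
                           "user": ev["user"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG, allowed_sources=("10.1.1.10",)):
        print(alert)
```

The success-after-failures rule is the one worth paging on: a lone burst of failures may be a mistyped password, but a success that immediately follows a burst from an unexpected source is exactly what a brute-force or forged-hash login against this flaw would look like in the logs.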