Moxa CVE-2024-12297: Frontend Authorization Logic Disclosure Vulnerability in EDS-508A Series

Plan Patch9.2MPSA-241407Jan 15, 2025

Summary

Moxa EDS-508A Ethernet switches (firmware 3.11 and earlier) contain a flaw in the authorization mechanism that allows attackers to bypass authentication through brute-force credential guessing or MD5 collision attacks. The vulnerability stems from reliance on weak security implementation where both client-side and backend verification is involved but improperly designed. Successful exploitation grants unauthorized access to device configuration, potentially allowing an attacker to modify network settings, disable ports, or disrupt communications in critical infrastructure networks.

What this means

What could happen

An attacker could bypass authentication on the EDS-508A switch by exploiting weak authorization logic, gaining unauthorized access to network configuration, port management, and potentially disabling network connectivity for critical infrastructure.

Who's at risk

Water authorities and municipal electric utilities using Moxa EDS-508A Ethernet switches for network connectivity in control rooms or SCADA networks. This affects any organization where the switch is accessible from an untrusted network segment or where remote management is enabled.

How it could be exploited

An attacker on the network sends authentication requests to the management interface of the EDS-508A. By exploiting weaknesses in the authorization mechanism—either through brute-force credential guessing or MD5 collision attacks—the attacker can forge or bypass authentication without needing valid credentials. Once authenticated, they can modify switch configuration, disable ports, or perform other administrative actions.

Prerequisites

Network access to the EDS-508A management interface (typically port 80/443 or 502 for Modbus)
No valid credentials required—the vulnerability allows bypass of the authentication check

Remotely exploitableNo authentication required to exploitLow attack complexityCritical severity (CVSS 9.2)Affects network infrastructure device with potential operational impactNo patch currently available for all versions

Exploitability

Low exploit probability (EPSS 0.2%)

Affected products (1)

ProductAffected VersionsFix Status

EDSAll versionsNo fix yet

Remediation & Mitigation

0/4

Do now

0/2

WORKAROUNDRestrict management interface access via firewall rules to authorized engineering workstations and control center IPs only

HARDENINGDisable remote management access if not required; use local serial console only

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade EDS-508A firmware to version 3.12 or later (vendor has issued a fix)

Long-term hardening

0/1

HARDENINGImplement network segmentation to isolate the EDS-508A on a management VLAN with strict access controls

CVEs (1)

CVE-2024-12297

View full Moxa Security advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/f0f832b6-5795-4d91-866b-df49f79c6a34