Moxa CVE-2024-12297: Frontend Authorization Logic Disclosure Vulnerability in Ethernet Switches
Plan Patch9.2MPSA-241409Feb 4, 2026
Summary
Multiple Moxa Ethernet switches contain flaws in their authentication and authorization mechanism that allow attackers to bypass login controls. The vulnerability stems from weak implementation of client-side and back-end verification, enabling brute-force attacks to guess valid credentials or MD5 hash collision attacks to forge authentication tokens. Unauthenticated remote exploitation is possible.
What this means
What could happen
An attacker could gain unauthorized administrative access to your Ethernet switches without valid credentials, allowing them to reconfigure network connectivity, alter switch settings, or disrupt industrial network communications critical to plant operations.
Who's at risk
Water utilities, electric utilities, and other critical infrastructure operators relying on Moxa Ethernet switches for industrial network connectivity should be concerned. This affects all versions of Moxa Ethernet switches used to manage PLCs, SCADA systems, remote terminal units (RTUs), and other control network devices. Any facility with unpatched Moxa switches on the operational technology network is at risk.
How it could be exploited
An attacker on the network sends connection requests to the switch's management interface (default port 502/Modbus or web interface). They exploit the weak authentication logic by either brute-forcing credentials against the flawed verification mechanism or crafting forged MD5 authentication hashes to bypass login. Once authenticated, they gain full administrative control of the switch.
Prerequisites
- Network reachability to the Moxa Ethernet switch management interface (port 502 or web management port)
- No authentication or credentials required to initiate the attack
- The switch must be configured with its default or any valid user account (attacker does not need to know the password)
remotely exploitableno authentication requiredlow complexityno patch availableaffects critical network infrastructure
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
ProductAffected VersionsFix Status
Ethernet SwitchesAll versionsNo fix (EOL)
Remediation & Mitigation
0/5
Do now
0/2WORKAROUNDImmediately restrict network access to the Moxa Ethernet switch management interface using firewall rules. Allow only your authorized engineering workstations or management systems to connect to ports 502 (Modbus) and the web management port (typically 80/443). Block all other incoming connections.
WORKAROUNDDisable remote management access to the switch if not required for operations. Use the switch's configuration interface to disable Telnet, HTTP, or SNMP access, and restrict Modbus access to only trusted internal networks.
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
HOTFIXMonitor for firmware or security updates from Moxa (MPSA-241409). Contact Moxa support to determine if a patched firmware version is available or in development. If a fix becomes available, schedule and apply the update during a maintenance window.
Mitigations - no patch available
0/2Ethernet Switches has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGIf possible, segment the switch onto an isolated industrial network that is not directly reachable from corporate networks, untrusted networks, or the internet. Use a management jump host or VPN to access the switch only when configuration changes are needed.
HARDENINGEnable logging and alert monitoring on the switch if available. Log all login attempts and administrative changes. Review logs regularly for unauthorized access attempts or failed authentication activity.
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/beb60352-3153-4538-ad3c-def08b8854b4