Moxa CVE-2002-20001: Resource Exhaustion Vulnerability in Diffie-Hellman Key Exchange Protocol

Act Now | CVSS 3.1 | MPSA-258261 | Jun 2, 2025
Moxa
Summary

CVE-2002-20001 is a resource exhaustion vulnerability in the Diffie-Hellman key exchange protocol implementation. Remote attackers can send specially crafted DHE key exchange requests that force the server to perform expensive modular exponentiation calculations, consuming CPU and degrading or denying service availability. The attack requires minimal attacker resources and is particularly effective when the client can force the server to use the largest supported key size. Any product or service that accepts DHE cipher suites is potentially affected, including Moxa devices.

What this means
What could happen
An attacker can overwhelm a Diffie-Hellman-enabled server by sending specially crafted key exchange requests, forcing expensive CPU-intensive calculations that degrade or halt communication services. If the affected Moxa device manages network access or authentication in your industrial process, this denial of service could interrupt operations.
Who's at risk
This affects any organization running Moxa networking or industrial communication devices (such as managed switches, device servers, or protocol gateways) that expose DHE-enabled encryption ports to untrusted networks or that sit behind insufficient network segmentation. Water utilities, electric utilities, and manufacturers using Moxa equipment for SCADA communications or remote diagnostics should evaluate their exposure.
How it could be exploited
An attacker sends malicious Diffie-Hellman key exchange requests from the network, claiming DHE-only encryption support. The server responds by performing expensive modular exponentiation operations on the attacker-supplied numbers, consuming CPU resources with minimal effort from the attacker. Repeated requests exhaust server capacity and deny service to legitimate clients.
Prerequisites
  • Network access to the affected Moxa device on the port where DHE cipher suites are enabled (typically port 443 for HTTPS, 22 for SSH, or proprietary industrial protocol ports)
  • Server must be configured to accept DHE (Diffie-Hellman Ephemeral) cipher suites
  • No authentication required
remotely exploitable | no authentication required | low complexity | high EPSS score (14.7%) | affects service availability
Exploitability
Likely to be exploited — EPSS score 14.7%
Public Proof-of-Concept (PoC) on GitHub (2 repositories)
Affected products (1)
Product | Affected Versions | Fix Status
Diffie | All versions | No fix yet
Remediation & Mitigation
Do now
  • WORKAROUND: Disable Diffie-Hellman (DHE) cipher suites on the affected Moxa device if not required for legacy client compatibility
  • HARDENING: Restrict network access to the Moxa device management and communication ports to only trusted engineering workstations and control network subnets using firewall rules
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HARDENING: Monitor CPU usage on the affected Moxa device for sustained spikes that may indicate an active DHE resource exhaustion attack
  • HOTFIX: Contact Moxa to verify which firmware version or patch addresses CVE-2002-20001 and apply when available through your maintenance window
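
To verify the DHE workaround above on a TLS endpoint whose configuration uses OpenSSL cipher-string syntax (an assumption; this is an added example, not code from Moxa or from this advisory), the script below expands a cipher string, lists the finite-field DHE suites it enables, and checks that appending `!kDHE` removes them without leaving clients with no suite at all. The function names and the sample cipher strings are constructed for illustration.

```python
import ssl

# OpenSSL names for suites that use finite-field ephemeral/anonymous DH
DHE_PREFIXES = ("DHE-", "ADH-", "EDH-")

def resolve(cipher_string):
    """Expand an OpenSSL cipher string into the TLS 1.2-and-earlier suites it enables."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return []  # the string selects no TLS 1.2-or-earlier suite
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]

def audit(cipher_string):
    """Split the enabled suites into DHE (exposed to this CVE) and everything else."""
    suites = resolve(cipher_string)
    dhe = [s for s in suites if s.startswith(DHE_PREFIXES)]
    return {"dhe": dhe, "other": [s for s in suites if s not in dhe]}

def without_dhe(cipher_string):
    """Apply the workaround and verify it: exclude ephemeral-DH key exchange."""
    hardened = cipher_string + ":!kDHE"
    result = audit(hardened)
    if result["dhe"]:
        raise RuntimeError("DHE suites still enabled: %s" % result["dhe"])
    if not result["other"]:
        # Legacy-compatibility caveat: a DHE-only configuration has nothing left
        raise ValueError("disabling DHE leaves no TLS 1.2 suite for clients")
    return hardened

if __name__ == "__main__":
    # Constructed sample cipher strings, not taken from any Moxa device
    for sample in ("ECDHE+AESGCM:DHE+AESGCM", "DHE+AESGCM"):
        print(sample, "->", audit(sample)["dhe"])
        try:
            print("  hardened:", without_dhe(sample))
        except ValueError as exc:
            print("  cannot harden:", exc)
```

The suites reported are those of the local OpenSSL build, so run the check with the same OpenSSL version the endpoint uses where possible.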

Moxa CVE-2002-20001: Resource Exhaustion Vulnerability in Diffie-Hellman Key Exchange Protocol | CVSS 3.1 - OTPulse