Moxa CVE-2020-11868: NTP Vulnerability in Ethernet Switches
CVSS 7.5 · MPSA-258681 · Apr 20, 2026
Moxa
Summary
CVE-2020-11868 is an origin validation error in the NTP daemon (ntpd) versions before 4.2.8p14 and 4.3.x before 4.3.100. An off-path attacker can send an NTP server mode packet with a spoofed source IP address to block unauthenticated time synchronization on the affected switch. The vulnerable ntpd process accepts and reschedules synchronization based on the spoofed packet without validating the packet's origin timestamp, allowing the attacker to prevent legitimate time updates.
What this means
What could happen
An attacker on the network can send spoofed NTP packets to block time synchronization on your Moxa Ethernet switches, preventing them from maintaining accurate time. This could disrupt time-dependent operations and logging, and may interfere with SCADA communications or control logic that relies on synchronized clocks.
Who's at risk
Moxa Ethernet switches in any industrial network or utility environment where time synchronization is used for SCADA system coordination, event logging, or control logic. This affects water utilities, electric utilities, and any facility relying on time-synchronized distributed controls.
How it could be exploited
An attacker sends a specially crafted NTP server mode packet with a spoofed source IP address to the switch. The vulnerable ntpd process accepts the packet without validating the origin timestamp and reschedules synchronization, blocking legitimate time updates. No authentication is required.
Prerequisites
- Network access to the switch's NTP port (port 123/UDP)
- The switch must be configured to accept NTP synchronization from network sources
- No valid origin timestamp validation on incoming NTP packets
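As an added illustration (not code from this advisory, Moxa, or the ntpd project) of the origin check the summary describes as missing: a minimal client-side NTP association that accepts a server-mode reply only when its origin timestamp echoes the transmit timestamp of the client's own outstanding request, and drops anything else without touching its state. The header layout follows RFC 5905; all packets and timestamps are constructed test data.

```python
import struct
# Constructed illustration; the 48-byte header layout follows RFC 5905.
NTP_HEADER = struct.Struct("!BBBbIII8s8s8s8s")
MODE_CLIENT, MODE_SERVER = 3, 4

def parse_ntp(packet: bytes) -> dict:
    """Unpack the header fields the origin check needs."""
    if len(packet) < NTP_HEADER.size:
        raise ValueError("short NTP packet")
    f = NTP_HEADER.unpack_from(packet)
    return {"mode": f[0] & 0x7,  # low 3 bits of the first byte
            "org": f[8],         # origin timestamp: should echo the client's xmt
            "xmt": f[10]}        # transmit timestamp of the sender

def make_server_reply(origin: bytes, xmt: bytes = b"\x01" * 8) -> bytes:
    """Build a mode-4 (server) reply carrying the given origin timestamp (test data)."""
    return NTP_HEADER.pack((4 << 3) | MODE_SERVER, 2, 6, -20, 0, 0, 0x47505300,
                           b"\0" * 8, origin, b"\0" * 8, xmt)

class NtpClientPeer:
    """One client-side server association, tracking its outstanding request."""
    def __init__(self) -> None:
        self.last_xmt = None   # transmit timestamp of the request awaiting a reply
        self.accepted = 0

    def send_request(self, xmt: bytes) -> bytes:
        """Build a mode-3 request with xmt and remember it for the origin check."""
        self.last_xmt = xmt
        return NTP_HEADER.pack((4 << 3) | MODE_CLIENT, 0, 6, -20, 0, 0, 0,
                               b"\0" * 8, b"\0" * 8, b"\0" * 8, xmt)

    def accept_reply(self, packet: bytes) -> bool:
        """Origin validation: only a reply echoing our last xmt may touch state.
        Anything else is dropped without rescheduling, the check the advisory
        describes as missing in affected ntpd versions."""
        p = parse_ntp(packet)
        if p["mode"] != MODE_SERVER or self.last_xmt is None or p["org"] != self.last_xmt:
            return False
        self.last_xmt = None   # one reply per request, so a replay fails too
        self.accepted += 1
        return True

def demo() -> tuple:
    """Spoofed reply (origin mismatch) is rejected; the genuine one is accepted."""
    peer = NtpClientPeer()
    request = peer.send_request(xmt=struct.pack("!II", 3900000000, 0x12345678))
    spoofed = make_server_reply(origin=b"\0" * 8)   # origin does not match our request
    genuine = make_server_reply(origin=parse_ntp(request)["xmt"])
    return peer.accept_reply(spoofed), peer.accept_reply(genuine)   # (False, True)
```

The same matching rule, applied on a network sensor to mode-4 packets that answer no outstanding request from the switch, is one way to detect the spoofed traffic this advisory describes.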
Tags: remotely exploitable, no authentication required, low complexity, no patch available, affects switch availability, time-dependent operations at risk
Exploitability
Some exploitation risk — EPSS score 1.5%
Affected products (1)
Product            Affected Versions   Fix Status
Ethernet Switches  All versions        No fix yet
Remediation & Mitigation
Do now
- Workaround: Disable NTP on switches if time synchronization is not required for your control logic or SCADA system
- Hardening: Implement network segmentation to restrict access to NTP ports on switches from only trusted time servers or management networks
- Hardening: Configure firewall rules to allow NTP traffic only from authorized NTP servers and drop spoofed or unexpected NTP packets
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- Hardening: If NTP is required, configure the switch to synchronize only with a primary, authenticated time source on your internal network rather than public NTP servers
CVEs (1)