Moxa Taiwanese has released a security update to address a critical security deficiency that affects PT switches that can allow the attacker to bypass authentication guarantees.
Vulnerability tracked as Cve-2014-12297The CVSS V4 9.2 was assigned with a maximum of 10.0.
“Multiple Moxa PT switches are vulnerable to the bypass authentication due to deficiencies in the mechanism of their authorization,” the company – Note In a consultative issue released last week.
“Despite the server check on the client and rear -level side, the attackers can use weaknesses in its implementation. This vulnerability can allow the attacks to guess about valid credentials or attacks on the MD5 collision to counterfeit authentication, potentially violating the safety of the device.”
Successful exploitation of lack, in other words, can lead to an authentication tote and allow an attacker to gain unauthorized access to sensitive configurations or services.
The disadvantage affects the following versions –
- PT-508 series (Stitching version 3.8 and before)
- PT-510 series (Stitching version 3.8 and before)
- PT-7528 series (firmware 5.0 and before)
- PT-7728 series (Firmware 3.9 and Earlier)
- PT-7828 series (Firmware 4.0 and Earlier)
- PT-G503 series (firmware 5.3 and earlier)
- PT-G510 series (firmware 6.5 and earlier)
- PT-G7728 series (firmware 6.5 and before) and
- PT-G7828 series (firmware 6.5 and earlier)
Patches for vulnerability can be obtained by contacting Technical support Moxa The team. The company counted Artem Turishev from the Moscow automated Rosatom (RASU) system for a vulnerability report.
Use the latest fixes, companies that use affected products, it is recommended to restrict access to the network using firewalls or access control lists (ACLS), store network segmentation, minimize direct impact on the Internet, implement multiform authentication (Foreign Ministry) for access to critical systems unusual activity.
It is worth noting that Moxa decided The same vulnerability in the Ethernet Switch Eds-508A series, the firmware version 3.11 and earlier, in mid-January 2025.
Development comes a little over two months after Moxa Rolled out the patches For two safety vulnerabilities affecting its cellular routers, safe routers and network security devices (CVE-2024-9138 and CVE-2014-9140), which can allow escalation of privileges and command execution.
Last month is it too address multiple Urgency drawn affected different switch (CVE-2024-7695, Cve-2014-9404 and Cve-2024-9137), which may lead to an attack of service (DOS) or command execution.
