CVE-2024-12297

CRITICAL

Moxa's Ethernet switch - Auth Bypass

Title source: llm

Description

Moxa’s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes, potentially compromising the security of the device.

References (2)

Core 2

Core References

Various Sources vendor-advisory

https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241407-cve-2024-12297-frontend-authorization-logic-disclosure-vulnerability-in-eds-508a-series

Various Sources vendor-advisory

https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241408-cve-2024-12297-frontend-authorization-logic-disclosure-vulnerability-identified-in-pt-switches

Scores

CVSS v4 9.2

EPSS 0.0023

EPSS Percentile 45.2%

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-656

Status published

Products (10)

Moxa/EDS-508A Series 1.0 - 3.11

Moxa/PT-508 Series 1.0 - 3.8

Moxa/PT-510 Series 1.0 - 3.8

Moxa/PT-7528 Series 1.0 - 5.0

Moxa/PT-7728 Series 1.0 - 3.9

Moxa/PT-7828 Series 1.0 - 4.0

Moxa/PT-G503 Series 1.0 - 5.3

Moxa/PT-G510 Series 1.0 - 6.5

Moxa/PT-G7728 Series 1.0 - 6.5

Moxa/PT-G7828 Series 1.0 - 6.5

Published Jan 15, 2025

Tracked Since Feb 18, 2026