Initiatives for
As the national authority for Cybersecurity the CCB has developed several initiatives for specific publics which are presented here.
WARNING: CRITICAL AUTHENTICATION BYPASS VULNERABILITY IN MOXA EDS-508A SERIES, PATCH IMMEDIATELY!
Image
Published : 20/01/2025
Reference:
Advisory #2025-15
Version:
1.0
Affected software:
Moxa’s Ethernet switch EDS-508A Series, with firmware = 3.11
Type:
Authentication Bypass
CVE/CVSS:
CVE-2024-12297: CVSS 9.2 (v4)(CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
Sources
Moxa - CVE-2024-12297: Frontend Authorization Logic Disclosure Vulnerability in EDS-508A Series
Risks
This vulnerability could lead attackers to bypass authentication, potentially allowing unauthorized access to the device and its sensitive configuration. This has a high impact on confidentiality and integrity. Furthermore, the attacker could disrupt the devices operations, leading to a high impact on availability.
Description
Moxa's Ethernet switch EDS-508A Series, running firmware version 3.11 and earlier, contains flaws in its authorization mechanism. The vulnerability affects client-side and back-end server verification processes. Despite the checks done on both sides, the flaw allows an attacker to conduct brute-force and MD5 collision attacks. The vulnerability is particularly severe because it allows unauthenticated remote exploit.
Recommended Actions
Patch
Moxa has developed a security patch to address the vulnerability. Administrators are encouraged to “contact Moxa Technical Support for the security patch.”
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/nl/cert/een-incident-melden.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
References
Security Online - CVE-2024-12297 (CVSS 9.2): Critical Authorization Vulnerability in Moxa EDS-508A Series