Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches
Briefly

Moxa has addressed a critical security flaw, CVE-2024-12297, affecting its PT switches, with a high CVSS v4 score of 9.2. The vulnerability allows attackers to bypass authentication, potentially gaining unauthorized access and disrupting services. The flaw stems from weaknesses in the authorization mechanism, despite existing verification processes. Affected devices span various models and firmware versions. Moxa recommends restricting network access and implementing multi-factor authentication to mitigate risks until patches can be applied. The discovery is credited to an external researcher.
The vulnerability, tracked as CVE-2024-12297, has been assigned a CVSS v4 score of 9.2 out of a maximum of 10.0. This critical flaw allows for potential authentication bypass.
Despite client-side and back-end server verification, attackers can exploit weaknesses in the implementation of the authorization mechanism. This vulnerability may enable brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes.
Successful exploitation of the shortcoming could lead to unauthorized access to sensitive configurations or to disruption of services. Moxa advises restricting network access and implementing multi-factor authentication.
Patches for the vulnerability can be obtained by contacting the Moxa Technical Support team. The company credited Artem Turyshev for reporting the vulnerability.
Read at The Hacker News