Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches

Mar 11, 2025Ravie LakshmananICS Security / Vulnerability

Taiwanese company Moxa has released a security update to address a critical security flaw impacting its PT switches that could permit an attacker to bypass authentication guarantees.

The vulnerability, tracked as CVE-2024-12297, has been assigned a CVSS v4 score of 9.2 out of a maximum of 10.0.

“Multiple Moxa PT switches are vulnerable to an authentication bypass because of flaws in their authorization mechanism,” the company said in an advisory released last week.

“Despite client-side and back-end server verification, attackers can exploit weaknesses in its implementation. This vulnerability may enable brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes, potentially compromising the security of the device.”

Successful exploitation of the shortcoming, in other words, could lead to an authentication bypass and allow an attacker to gain unauthorized access to sensitive configurations or disrupt services.

The flaw impacts the following versions –

• PT-508 Series (Firmware version 3.8 and earlier)
• PT-510 Series (Firmware version 3.8 and earlier)
• PT-7528 Series (Firmware version 5.0 and earlier)
• PT-7728 Series (Firmware version 3.9 and earlier)
• PT-7828 Series (Firmware version 4.0 and earlier)
• PT-G503 Series (Firmware version 5.3 and earlier)
• PT-G510 Series (Firmware version 6.5 and earlier)
• PT-G7728 Series (Firmware version 6.5 and earlier), and
• PT-G7828 Series (Firmware version 6.5 and earlier)

Patches for the vulnerability can be obtained by contacting the Moxa Technical Support team. The company credited Artem Turyshev from Moscow-based Rosatom Automated Control Systems (RASU) for reporting the vulnerability.

Outside apply the latest fixes, companies using the affected products are recommended to restrict network access using firewalls or access control lists (ACLs), enforce network segmentation, minimize direct exposure to the internet, implement multi-factor authentication (MFA) for accessing critical systems, enable event logging, and monitor network traffic and device behavior for unusual activities.

It’s worth noting that Moxa resolved the same vulnerability in the Ethernet switch EDS-508A Series, running firmware version 3.11 and earlier, back in mid-January 2025.

The development comes a little over two months after Moxa rolled out patches for two security vulnerabilities impacting its cellular routers, secure routers, and network security appliances (CVE-2024-9138 and CVE-2024-9140) that could allow privilege escalation and command execution.

Last month, it also addressed multiple high-severity flaws affecting various switches (CVE-2024-7695, CVE-2024-9404, and CVE-2024-9137) that could result in a denial-of-service (DoS) attack, or command execution.

Upgrade your audio game with the Logitech for Creators Blue Yeti USB Microphone. With over 33,730 ratings and an impressive 4.6 out of 5 stars, it’s no wonder this is an Amazon’s Choice product. Recently, 5K+ units were purchased in the past month.

Available in five stunning colors: Teal, Silver, Pink Dawn, Midnight Blue, and Blackout, this microphone is perfect for creators looking to produce exceptional audio. Priced at only $84.99, it’s a deal you can’t afford to miss.

Elevate your recordings with clear broadcast-quality sound and explore your creativity with enhanced effects, advanced modulation, and HD audio samples. Order now for just $84.99 on Amazon!

Help Power Techcratic’s Future – Scan To Support

If Techcratic’s content and insights have helped you, consider giving back by supporting the platform with crypto. Every contribution makes a difference, whether it’s for high-quality content, server maintenance, or future updates. Techcratic is constantly evolving, and your support helps drive that progress.

As a solo operator who wears all the hats, creating content, managing the tech, and running the site, your support allows me to stay focused on delivering valuable resources. Your support keeps everything running smoothly and enables me to continue creating the content you love. I’m deeply grateful for your support, it truly means the world to me! Thank you!