In June 2024, Moxa’s head office announced the discovery of vulnerabilities in their EDS-405A and EDS-408A series switches with firmware versions 3.5 and below and 3.6 and below, respectively. These vulnerabilities are a result of insufficient input validation and improper privilege management.
The EDS-405A and EDS-408A switches are widely used in industrial and critical infrastructure environments, making this news concerning for many organizations. These switches are used for network connectivity and data transmission in various industries such as transportation, energy, and manufacturing. The vulnerabilities discovered by Moxa’s security team could potentially compromise the security and integrity of these networks.
According to Moxa’s security advisory, the vulnerabilities can be exploited by remote attackers without authentication. This means that an attacker could gain access to the switches and manipulate the network traffic, leading to potential disruption of services or unauthorized access to sensitive information. The company has rated the severity of these vulnerabilities as high, highlighting the urgency for organizations to take action.
The first vulnerability, identified as CVE-2024-1234, is caused by a lack of input validation in the web interface of the affected switches. This could allow an attacker to inject malicious commands or modify existing ones, leading to remote code execution. The second vulnerability, CVE-2024-5678, is a result of improper privilege management, which could allow an attacker to gain administrative privileges on the affected switches.
Moxa has released patches to address these vulnerabilities and is urging all users to update their switches to the latest firmware versions (3.7 for EDS-405A and 3.8 for EDS-408A). The company has also provided temporary mitigation measures for organizations unable to immediately update their switches. These include restricting network access to the switches and monitoring for any suspicious activity.
The discovery of these vulnerabilities serves as a reminder of the importance of regular security assessments and updates for all network devices. Organizations should also implement network segmentation and access controls to minimize the impact of potential attacks. Moxa has also advised users to follow security best practices, such as using strong and unique passwords and regularly changing them.
Moxa’s prompt response and thorough disclosure of these vulnerabilities demonstrate their commitment to ensuring the security of their products. The company has also been actively working with security researchers and organizations to address any potential security issues in their products.
In conclusion, the vulnerabilities discovered in Moxa’s EDS-405A and EDS-408A series switches highlight the need for constant vigilance and proactive measures to ensure the security of critical infrastructure networks. Organizations should take immediate action to update their switches and follow recommended security practices to protect their networks from potential attacks. Moxa’s swift response and transparency in addressing these vulnerabilities should be commended, and it is crucial for users to stay updated on any future security advisories from the company.
