CVE-2020-6995

Q: What is the severity of CVE-2020-6995?

CVE-2020-6995 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows attackers to gain unauthorized access to Moxa PT-7528 and PT-7828 series industrial switches by exploiting weak password requirements. Affected organizations using these devices with vulnerable firmware versions are at risk of network compromise.

9.8 CRITICAL

Authentication Bypass

📋 TL;DR

This vulnerability allows attackers to gain unauthorized access to Moxa PT-7528 and PT-7828 series industrial switches by exploiting weak password requirements. Affected organizations using these devices with vulnerable firmware versions are at risk of network compromise.

💻 Affected Systems

Products:

Moxa PT-7528 series
Moxa PT-7828 series

Versions: PT-7528: Version 4.0 or lower, PT-7828: Version 3.9 or lower

Operating Systems: Embedded firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All devices running affected firmware versions are vulnerable regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete network takeover, industrial control system compromise, data exfiltration, and potential physical damage to industrial processes.

🟠

Likely Case

Unauthorized administrative access to switches, network configuration changes, traffic interception, and lateral movement within industrial networks.

🟢

If Mitigated

Limited impact if strong network segmentation, access controls, and monitoring are in place to detect authentication attempts.

🌐 Internet-Facing: HIGH if devices are exposed to internet with weak credentials, allowing remote attackers to gain access.

🏢 Internal Only: HIGH as attackers with internal access can exploit weak passwords to compromise critical industrial network infrastructure.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires authentication attempts but is trivial due to weak password requirements. Attackers can brute-force or guess weak passwords.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: PT-7528: Version 5.0 or higher, PT-7828: Version 4.0 or higher

Vendor Advisory: https://www.moxa.com/en/support/product-support/security-advisory/moxa-pt-7528-pt-7828-series-multiple-vulnerabilities

Restart Required: Yes

Instructions:

1. Download latest firmware from Moxa support portal. 2. Backup current configuration. 3. Upload new firmware via web interface or CLI. 4. Reboot device. 5. Restore configuration if needed.

🔧 Temporary Workarounds

Enforce Strong Password Policy

all

Implement and enforce strong password requirements including minimum length, complexity, and regular rotation.

Network Segmentation

all

Isolate industrial switches from corporate networks and internet using firewalls and VLANs.

🧯 If You Can't Patch

Implement strict network access controls to limit who can reach these devices
Enable detailed logging and monitoring of all authentication attempts to these switches

🔍 How to Verify

Check if Vulnerable:

Check firmware version via web interface (System > System Information) or CLI command 'show version'

Check Version:

show version

Verify Fix Applied:

Verify firmware version is PT-7528: 5.0+ or PT-7828: 4.0+ and test that strong password requirements are enforced

📡 Detection & Monitoring

Log Indicators:

Multiple failed login attempts
Successful logins from unusual IP addresses
Configuration changes from unauthorized users

Network Indicators:

Unusual traffic patterns from switch management interfaces
Authentication attempts to switch management ports

SIEM Query:

source="switch_logs" AND (event_type="authentication_failure" OR event_type="configuration_change")

📊 Metadata

CVE ID: CVE-2020-6995

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-521

Published: March 24, 2020

Last Updated: November 21, 2024

🔗 References

https://www.us-cert.gov/ics/advisories/icsa-20-056-03 Third Party Advisory,US Government Resource
https://www.us-cert.gov/ics/advisories/icsa-20-056-03 Third Party Advisory,US Government Resource

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Pt 7528 12msc 12tx 4gsfp Hv Firmware by Moxa

Pt 7528 12msc 12tx 4gsfp Hv Hv Firmware by Moxa

Pt 7528 12msc 12tx 4gsfp Wv Firmware by Moxa

Pt 7528 12msc 12tx 4gsfp Wv Wv Firmware by Moxa

Pt 7528 12mst 12tx 4gsfp Hv Firmware by Moxa

Pt 7528 12mst 12tx 4gsfp Hv Hv Firmware by Moxa

Pt 7528 12mst 12tx 4gsfp Wv Firmware by Moxa

Pt 7528 12mst 12tx 4gsfp Wv Wv Firmware by Moxa

Pt 7528 16msc 8tx 4gsfp Hv Firmware by Moxa

Pt 7528 16msc 8tx 4gsfp Hv Hv Firmware by Moxa

Pt 7528 16msc 8tx 4gsfp Wv Firmware by Moxa

Pt 7528 16msc 8tx 4gsfp Wv Wv Firmware by Moxa

Pt 7528 16mst 8tx 4gsfp Hv Firmware by Moxa

Pt 7528 16mst 8tx 4gsfp Hv Hv Firmware by Moxa

Pt 7528 16mst 8tx 4gsfp Wv Firmware by Moxa

Pt 7528 16mst 8tx 4gsfp Wv Wv Firmware by Moxa

Pt 7528 20msc 4tx 4gsfp Hv Firmware by Moxa

Pt 7528 20msc 4tx 4gsfp Hv Hv Firmware by Moxa

Pt 7528 20msc 4tx 4gsfp Wv Firmware by Moxa

Pt 7528 20msc 4tx 4gsfp Wv Wv Firmware by Moxa

Pt 7528 20mst 4tx 4gsfp Hv Firmware by Moxa

Pt 7528 20mst 4tx 4gsfp Hv Hv Firmware by Moxa

Pt 7528 20mst 4tx 4gsfp Wv Firmware by Moxa

Pt 7528 20mst 4tx 4gsfp Wv Wv Firmware by Moxa

Pt 7528 24tx Hv Firmware by Moxa

Pt 7528 24tx Hv Hv Firmware by Moxa

Pt 7528 24tx Wv Firmware by Moxa

Pt 7528 24tx Wv Hv Firmware by Moxa

Pt 7528 24tx Wv Wv Firmware by Moxa

Pt 7528 8msc 16tx 4gsfp Hv Firmware by Moxa

Pt 7528 8msc 16tx 4gsfp Hv Hv Firmware by Moxa

Pt 7528 8msc 16tx 4gsfp Wv Firmware by Moxa

Pt 7528 8msc 16tx 4gsfp Wv Wv Firmware by Moxa

Pt 7528 8mst 16tx 4gsfp Hv Firmware by Moxa

Pt 7528 8mst 16tx 4gsfp Hv Hv Firmware by Moxa

Pt 7528 8mst 16tx 4gsfp Wv Firmware by Moxa

Pt 7528 8mst 16tx 4gsfp Wv Wv Firmware by Moxa

Pt 7528 8ssc 16tx 4gsfp Hv Hv Firmware by Moxa

Pt 7528 8ssc 16tx 4gsfp Wv Wv Firmware by Moxa

Pt 7828 F 24 24 Firmware by Moxa

Pt 7828 F 24 Firmware by Moxa

Pt 7828 F 24 Hv Firmware by Moxa

Pt 7828 F 48 48 Firmware by Moxa

Pt 7828 F 48 Firmware by Moxa

Pt 7828 F 48 Hv Firmware by Moxa

Pt 7828 F Hv Firmware by Moxa

Pt 7828 F Hv Hv Firmware by Moxa

Pt 7828 R 24 24 Firmware by Moxa

Pt 7828 R 24 Firmware by Moxa

Pt 7828 R 24 Hv Firmware by Moxa

Pt 7828 R 48 48 Firmware by Moxa

Pt 7828 R 48 Firmware by Moxa

Pt 7828 R 48 Hv Firmware by Moxa

Pt 7828 R Hv Firmware by Moxa

Pt 7828 R Hv Hv Firmware by Moxa