CVE-2024-7695
📋 TL;DR
An out-of-bounds write vulnerability in multiple Moxa industrial switches allows attackers to write data beyond allocated buffer boundaries due to insufficient input validation. This affects various Moxa PT, EDS, ICS, IKS, SDS, and EN-50155 switch models. Successful exploitation could cause denial-of-service conditions.
💻 Affected Systems
- Moxa PT switches
- Moxa EDS switches
- Moxa ICS switches
- Moxa IKS switches
- Moxa SDS switches
- Moxa EN-50155 switches
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete device crash and permanent denial-of-service requiring physical reset or replacement
Likely Case
Temporary service disruption requiring device reboot
If Mitigated
No impact if patched or properly segmented
🎯 Exploit Status
Requires network access to vulnerable switch interfaces; specific exploit conditions not publicly documented
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Varies by product - see vendor advisories for specific fixed versions
Vendor Advisory: https://www.moxa.com/en/support/product-support/security-advisory
Restart Required: Yes
Instructions:
1. Identify affected switch models and current firmware versions. 2. Download appropriate firmware updates from Moxa support portal. 3. Backup current configuration. 4. Apply firmware update following Moxa's upgrade procedures. 5. Verify successful update and restore configuration if needed.
🔧 Temporary Workarounds
Network Segmentation
allIsolate industrial switches from untrusted networks and restrict access to management interfaces
Access Control Lists
allImplement strict ACLs to limit which IP addresses can communicate with switch management interfaces
🧯 If You Can't Patch
- Segment switches into isolated VLANs with strict firewall rules
- Disable unused management interfaces and services
🔍 How to Verify
Check if Vulnerable:
Check switch firmware version against affected versions in Moxa advisories MPSA-240162, MPSA-240163, MPSA-240164Check Version:
Varies by switch model - typically via web interface (System > About) or CLI (show version)Verify Fix Applied:
Verify firmware version matches or exceeds patched versions specified in vendor advisories📡 Detection & Monitoring
Log Indicators:
- Unexpected device reboots
- Memory allocation errors in system logs
- Connection attempts to management interfaces from unusual sources
Network Indicators:
- Unusual traffic patterns to switch management ports
- Protocol anomalies in switch communication
SIEM Query:
source="switch_logs" AND (event_type="crash" OR event_type="reboot" OR message="*memory*" OR message="*buffer*")🔗 References
- https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240162-cve-2024-7695-out-of-bounds-write-vulnerability-identified-in-multiple-pt-switches
- https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240163-cve-2024-7695-out-of-bounds-write-vulnerability-in-multiple-eds,-ics,-iks,-and-sds-switches
- https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240164-cve-2024-7695-out-of-bounds-write-vulnerability-identified-in-en-50155-switches
