Security patch: Unauthorized access to certain Moxa switches possible

Attackers can bypass authentication on Moxa switches in the EDS-508A series. The vulnerability is considered critical.


To prevent attacks, network admins should update the firmware of their EDS-508A series Ethernet switches from Moxa to the latest version.

In a warning message, the network equipment manufacturer classifies the vulnerability (CVE-2024-12297) as "critical". Devices up to and including firmware version 3.11 are affected. The developers state that client and back-end server authentication is broken.

As a result, attackers can exploit the vulnerability and gain unauthorized access to systems. This can happen through brute force attacks or MD5 hash collisions, for example. Attackers can then completely compromise devices.

To obtain the security update, admins must contact Moxa support. Moxa does not currently say whether attacks are already taking place or how to recognize switches that have already been attacked.

(des)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.