Multiple Vulnerabilities in Moxa PT-7528 and PT-7828 Series Ethernet Switches Could Allow for Arbitrary Code Execution

MS-ISAC ADVISORY NUMBER:

2020-027

DATE(S) ISSUED:

02/26/2020

OVERVIEW:

Multiple vulnerabilities have been discovered in Moxa PT-7528 and PT-7828 Series Ethernet Switches, the most severe of which could allow for arbitrary code execution. Moxa PT-7528 and PT-7828 Series Ethernet Switches are high-performance Layer 3 switches that route and forward traffic within a network. Successful exploitation of the most severe vulnerabilities could allow an attacker to execute arbitrary code in the context of the appliance.

THREAT INTELLIGENCE:

There are currently no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:

  • PT-7528 Series Firmware Version 4.0 or lower
  • PT-7828 Series Firmware Version 3.9 or lower

RISK:

Government:
  • Large and medium government entities: HIGH
  • Small government entities: MEDIUM
Businesses:
  • Large and medium business entities: HIGH
  • Small business entities: MEDIUM
Home Users:
N/A

TECHNICAL SUMMARY:

Multiple vulnerabilities have been discovered in Moxa PT-7528 and PT-7828 Series Ethernet Switches, the most severe of which could allow for arbitrary code execution. Details of the vulnerabilities are as follows:

  • Stack-based buffer overflow (CWE-121)
  • Information disclosure due to use of a weak cryptographic algorithm (CWE-327)
  • Information disclosure due to a weak implementation of a cryptographic function (CWE-327)
  • Use of a hard-coded cryptographic key (CWE-321)
  • Use of a hard-coded password, which enables access without proper authentication (CWE-321)
  • Weak password requirements, which enable credential retrieval via brute force (CWE-521)
  • Information exposure (CWE-200)

Successful exploitation of the most severe vulnerabilities could allow an attacker to execute arbitrary code in the context of the appliance.

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Apply the stable updates provided by Moxa to vulnerable systems immediately after appropriate testing.
  • Run all software as a non-privileged user (one without administrative rights) to diminish the effects of a successful attack.
  • Remind all users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
  • Inform and educate users regarding threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.
  • Apply the Principle of Least Privilege to all systems and services.
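
To prioritize the firmware update, an asset inventory can be checked against the versions listed under SYSTEMS AFFECTED. The following Python sketch is an added example, not part of the original advisory or Moxa tooling; the CSV columns, hostnames, model suffixes and firmware string formats are constructed assumptions.

```python
import csv
import io
import re

# From SYSTEMS AFFECTED: series prefix -> highest affected firmware version.
AFFECTED_MAX = {"PT-7528": (4, 0), "PT-7828": (3, 9)}

# Constructed sample inventory (hypothetical hosts, model suffixes and version strings).
SAMPLE_INVENTORY = """hostname,model,firmware
sw-sub-01,PT-7528-X1,V4.0 Build 19060514
sw-sub-02,PT-7828-X1,3.10
sw-sub-03,PT-7828-X2,v3.9
sw-sub-04,PT-7528-X2,
sw-core-01,OTHER-SWITCH-1,5.1
"""

def parse_version(text):
    """Return the first dotted number in text as an int tuple, or None.
    Assumes the version precedes any build number in the string."""
    m = re.search(r"\d+(?:\.\d+)*", text or "")
    return tuple(int(p) for p in m.group().split(".")) if m else None

def classify(model, firmware):
    """Return 'affected', 'not-affected', 'unknown-version' or 'out-of-scope'."""
    name = model.strip().upper()
    series = next((s for s in AFFECTED_MAX if name.startswith(s)), None)
    if series is None:
        return "out-of-scope"
    version = parse_version(firmware)
    if version is None:
        return "unknown-version"  # needs a manual check on the device
    limit = AFFECTED_MAX[series]
    width = max(len(version), len(limit))
    pad = lambda v: v + (0,) * (width - len(v))
    # Numeric tuple comparison: 3.10 is newer than 3.9, unlike a string compare.
    return "affected" if pad(version) <= pad(limit) else "not-affected"

def triage(csv_text):
    """Map each hostname in the inventory CSV to its classification."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["hostname"]: classify(r["model"], r["firmware"]) for r in rows}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

Devices reported as `unknown-version` should be confirmed on the switch itself before being ruled out.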
