Main Vulnerability Database SB2025012054

SB2025012054 - Missing Authentication for Critical Function in Moxa Ethernet Switches

Published: January 20, 2025

Security Bulletin ID SB2025012054

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Missing Authentication for Critical Function (CVE-ID: CVE-2024-9137)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to missing authentication check when sending commands to the server via the Moxa service. A remote attacker can execute arbitrary code on the system.

Remediation

Install update from vendor's website.

References

Vulnerable Software

EDS-608 Series: 3.12 and previous versions
EDS-611 Series: 3.12 and previous versions
EDS-616 Series: 3.12 and previous versions
EDS-619 Series: 3.12 and previous versions
EDS-405A Series: 3.14 and previous versions
EDS-408A Series: 3.12 and previous versions
EDS-505A Series: 3.11 and previous versions
EDS-508A Series: 3.11 and previous versions
EDS-510A Series: 3.12 and previous versions
EDS-516A Series: 3.11 and previous versions
EDS-518A Series: 3.11 and previous versions
EDS-G509 Series: 3.10 and previous versions
EDS-P510 Series: 3.11 and previous versions
EDS-P510A Series: 3.11 and previous versions
EDS-510E Series: 5.5 and previous versions
EDS-518E Series: 6.3 and previous versions
EDS-528E Series: 6.3 and previous versions
EDS-G508E Series: 6.4 and previous versions
EDS-G512E Series: 6.4 and previous versions
EDS-G516E Series: 6.4 and previous versions
EDS-P506E Series: 5.8 and previous versions
ICS-G7526A Series: 5.10 and previous versions
ICS-G7528A Series: 5.10 and previous versions
ICS-G7748A Series: 5.9 and previous versions
ICS-G7750A Series: 5.9 and previous versions
ICS-G7752A Series: 5.9 and previous versions
ICS-G7826A Series: 5.10 and previous versions
ICS-G7828A Series: 5.10 and previous versions
ICS-G7848A Series: 5.9 and previous versions
ICS-G7850A Series: 5.9 and previous versions
ICS-G7852A Series: 5.9 and previous versions
IKS-G6524A Series: 5.10 and previous versions
IKS-6726A Series: 5.9 and previous versions
IKS-6728A Series: 5.9 and previous versions
IKS-6728A-8POE Series: 5.9 and previous versions
IKS-G6824A Series: 5.10 and previous versions
SDS-3006 Series: 3.0 and previous versions
SDS-3008 Series: 3.0 and previous versions
SDS-3010 Series: 3.0 and previous versions
SDS-3016 Series: 3.0 and previous versions
SDS-G3006 Series: 3.0 and previous versions
SDS-G3008 Series: 3.0 and previous versions
SDS-G3010 Series: 3.0 and previous versions
SDS-G3016 Series: 3.0 and previous versions
PT-7728 Series: 3.9 and previous versions
PT-7828 Series: 4.0 and previous versions
PT-G503 Series: 5.3 and previous versions
PT-G510 Series: 6.5 and previous versions
PT-G7728 Series: 6.4 and previous versions
PT-G7828 Series: 6.4 and previous versions
TN-4500A Series: 3.13 and previous versions
TN-5500A Series: 3.13 and previous versions
TN-G4500 Series: 5.5 and previous versions
TN-G6500 Series: 5.5 and previous versions

SB2025012054 - Missing Authentication for Critical Function in Moxa Ethernet Switches

Breakdown by Severity

Description

Remediation

References

Please verify you're human