CVE-2024-7695
Published: 29 January 2025
Description
Multiple switches are affected by an out-of-bounds write vulnerability. This vulnerability is caused by insufficient input validation, which allows data to be written to memory outside the bounds of the buffer. Successful exploitation of this vulnerability could result in a denial-of-service attack.
Security Summary
CVE-2024-7695 is an out-of-bounds write vulnerability (CWE-787) affecting multiple Moxa industrial switches due to insufficient input validation, which enables data to be written outside the intended buffer boundaries. The impacted products include PT-series switches, as well as EDS-, ICS-, IKS-, and SDS-series switches, and EN-50155 certified switches. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to its potential for availability disruption.
A remote, unauthenticated attacker can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation allows the attacker to trigger a denial-of-service condition by causing the affected switch to crash or become unresponsive, disrupting network operations without impacting confidentiality or integrity.
Moxa has published security advisories detailing the vulnerability across the affected product lines, including MPSA-240162 for PT switches, MPSA-240163 for EDS/ICS/IKS/SDS switches, and MPSA-240164 for EN-50155 switches. These advisories provide guidance on mitigation, though specific patch or workaround details are available in the referenced documents.
Details
- CWE(s)