Full Report
[Control Systems] Moxa security advisory (AV26-085)
Analysis Summary
# Vulnerability: Moxa Ethernet Switch Frontend Authorization Logic Disclosure
## CVE Details
- CVE ID: CVE-2024-12297
- CVSS Score: Information not explicitly provided in the excerpt. Assuming **Medium to High** based on typical authorization flaws in control systems, pending official score release.
- CWE: Likely related to authorization bypass or insufficient access control.
## Affected Systems
- Products: Moxa TN-A Series and TN-G Series Ethernet Switches.
- Versions:
- TN-A Series: Firmware version v4.1 and prior.
- TN-G Series: Firmware version v5.5 and prior.
- Configurations: Not specified, likely affecting default configurations accessible via the web interface.
## Vulnerability Description
The vulnerability is described as a "Frontend Authorization Logic Disclosure Vulnerability" in Moxa Ethernet switches. This suggests that authorization checks, which should be performed strictly on the backend, are either partially or completely missing or improperly implemented on the frontend (web interface), potentially allowing unauthorized users to access restricted functions or information.
## Exploitation
- Status: Not explicitly stated whether exploited in the wild or if PoC is available in the provided summary context.
- Complexity: Undetermined (Pending CVSS/details).
- Attack Vector: Likely **Network** (via the web management interface).
## Impact
- Confidentiality: Likely **High** if sensitive configuration data or management interfaces are exposed.
- Integrity: Likely **Medium to High** if unauthorized users can modify device settings.
- Availability: Potentially **Medium** if unauthorized actions lead to denial of service or device instability.
## Remediation
### Patches
- Users must apply updates published by Moxa following Security Advisory MPSA-241409.
* *Note: Specific fixed versions are not listed in this summary excerpt; users must consult the official Moxa advisory.*
### Workarounds
- No specific workarounds were detailed in this summary excerpt. Users should consult the official Moxa security advisories for immediate mitigation steps if patching is delayed.
## Detection
- Indicators of Compromise: Suspicious login attempts or unauthorized configuration changes recorded in audit logs (if available).
- Detection Methods and Tools: Monitoring network traffic directed at the switch management interface for non-standard web requests targeting restricted paths.
## References
- Vendor Advisory (Moxa): hXXps://www.moxa.com/en/support/product-support/security-advisory/mpsa-241409-cve-2024-12297-frontend-authorization-logic-disclosure-vulnerability-in-ethernet-switches
- General Advisories: hXXps://www.moxa.com/en/support/product-support/security-advisory