CVE-2024-7695

Summary

Multiple switches are affected by an out-of-bounds write vulnerability. This vulnerability is caused by insufficient input validation, which allows data to be written to memory outside the bounds of the buffer. Successful exploitation of this vulnerability could result in a denial-of-service attack.

Affected Software

VendorProductVersion RangeStatus
MoxaPT-7728 Series1.0 <= 3.9affected
MoxaPT-7828 Series1.0 <= 4.0affected
MoxaPT-G503 Series1.0 <= 5.3affected
MoxaPT-G510 Series1.0 <= 6.5affected
MoxaPT-G7728 Series1.0 <= 6.4affected
MoxaPT-G7828 Series1.0 <= 6.4affected
MoxaEDS-608 Series1.0 <= 3.12affected
MoxaEDS-611 Series1.0 <= 3.12affected
MoxaEDS-616 Series1.0 <= 3.12affected
MoxaEDS-619 Series1.0 <= 3.12affected
MoxaEDS-405A Series1.0 <= 3.14affected
MoxaEDS-408A Series1.0 <= 3.12affected
MoxaEDS-505A Series1.0 <= 3.11affected
MoxaEDS-508A Series1.0 <= 3.11affected
MoxaEDS-510A Series1.0 <= 3.12affected
MoxaEDS-516A Series1.0 <= 3.11affected
MoxaEDS-518A Series1.0 <= 3.11affected
MoxaEDS-G509 Series1.0 <= 3.10affected
MoxaEDS-P510 Series1.0 <= 3.11affected
MoxaEDS-P510A Series1.0 <= 3.11affected
MoxaEDS-510E Series1.0 <= 5.5affected
MoxaEDS-518E Series1.0 <= 6.3affected
MoxaEDS-528E Series1.0 <= 6.3affected
MoxaEDS-G508E Series1.0 <= 6.4affected
MoxaEDS-G512E Series1.0 <= 6.4affected
MoxaEDS-G516E Series1.0 <= 6.4affected
MoxaEDS-P506E Series1.0 <= 5.8affected
MoxaICS-G7526A Series1.0 <= 5.10affected
MoxaICS-G7528A Series1.0 <= 5.10affected
MoxaICS-G7748A Series1.0 <= 5.9affected
MoxaICS-G7750A Series1.0 <= 5.9affected
MoxaICS-G7752A Series1.0 <= 5.9affected
MoxaICS-G7826A Series1.0 <= 5.10affected
MoxaICS-G7828A Series1.0 <= 5.10affected
MoxaICS-G7848A Series1.0 <= 5.9affected
MoxaICS-G7850A Series1.0 <= 5.9affected
MoxaICS-G7852A Series1.0 <= 5.9affected
MoxaIKS-G6524A Series1.0 <= 5.10affected
MoxaIKS-6726A Series1.0 <= 5.9affected
MoxaIKS-6728A Series1.0 <= 5.9affected
MoxaIKS-G6824A Series1.0 <= 5.10affected
MoxaSDS-3006 Series1.0 <= 3.0affected
MoxaSDS-3008 Series1.0 <= 3.0affected
MoxaSDS-3010 Series1.0 <= 3.0affected
MoxaSDS-3016 Series1.0 <= 3.0affected
MoxaSDS-G3006 Series1.0 <= 3.0affected
MoxaSDS-G3008 Series1.0 <= 3.0affected
MoxaSDS-G3010 Series1.0 <= 3.0affected
MoxaSDS-G3016 Series1.0 <= 3.0affected
MoxaTN-G4500 Series1.0 <= 5.3affected
MoxaTN-G6500 Series1.0 <= 5.4affected

Weaknesses

  • CWE-787: CWE-787: Out-of-bounds Write

Workarounds

To mitigate the risks associated with this vulnerability, we recommend the following actions:

  • Disable Moxa Service and Moxa Service (Encrypted) temporarily if they are not required for operations. This will minimize potential attack vectors until a patch or updated firmware is applied.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References