Denial of Service Vulnerability in Moxa Industrial Ethernet Switch
CVE-2022-40224

5.3MEDIUM

Key Information:

Vendor: Moxa
Status: Sds-3008 Series Industrial Ethernet Switch
Vendor: CVE Published:; 7 February 2023

Summary

A denial of service vulnerability has been identified in the web server functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. This vulnerability is triggered by sending a specially-crafted HTTP message header, which can lead to service interruptions. Attackers could exploit this by sending specific HTTP requests aimed at overwhelming the device, thereby affecting network communication and operations.

Affected Version(s)

SDS-3008 Series Industrial Ethernet Switch 2.1

References

https://talosintelligence.com/vulnerability_reports/TALOS...

https://www.moxa.com/en/support/product-support/security-...

EPSS Score

8% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

CVSS V3.0

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 7, 2023
Vulnerability Reserved
Sep 21, 2022