Authentication Bypass Vulnerability in Moxa Ethernet Switch EDS-508A Series
CVE-2024-12297
Key Information:
- Vendor
- Moxa
- Vendor
- CVE Published:
- 15 January 2025
Badges
What is CVE-2024-12297?
CVE-2024-12297 identifies a critical authentication bypass vulnerability in the Moxa Ethernet Switch EDS-508A Series, which are designed for reliable communication in industrial networking environments. This vulnerability arises from flaws in the device's authorization mechanism, allowing attackers to potentially bypass authentication processes. Organizations utilizing these switches may face significant security risks, as successful exploitation could permit unauthorized access to the network, leading to adverse operational implications and potential compromises of sensitive information.
Technical Details
The vulnerability is rooted in the implementation weaknesses present in both the client-side and back-end server verification processes of the Moxa Ethernet switch. These weaknesses facilitate brute-force attacks, where attackers could guess valid credentials, or MD5 collision attacks, enabling them to forge authentication hashes. Essentially, this exploitation could undermine the integrity of security mechanisms that protect the device from unauthorized access.
Potential Impact of CVE-2024-12297
-
Unauthorized Access: Exploiters can gain unauthorized control over the network devices, leading to manipulation of network traffic, configuration changes, or data interception.
-
Compromise of Network Integrity: Successful authentication bypass may allow threat actors to implement further attacks within the network, potentially leading to broader disruptions or targeting of additional systems.
-
Operational Disruptions: With unauthorized access, attackers can interfere with operational processes, which is particularly concerning in industrial environments where system availability is crucial for maintaining production efficiency and safety.
Affected Version(s)
EDS-508A Series 1.0 <= 3.11
PT-508 Series 1.0 <= 3.8
PT-510 Series 1.0 <= 3.8
Get notified when SecurityVulnerability.io launches alerting π
Well keep you posted π§
News Articles

Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches
Moxa fixes CVE-2024-12297, a critical PT switch flaw (CVSS 9.2) enabling authentication bypass. Users must update firmware or apply mitigation steps.
4 weeks ago
References
CVSS V4
Timeline
- π
Vulnerability started trending
- π°
First article discovered by The Hacker News
Vulnerability published
Vulnerability Reserved