Product support

Security Advisories

SUMMARY

PT-7528 and PT-7828 Series Ethernet Switches Vulnerabilities

  • Version: V1.0
  • Release Date: Sep 25, 2019

Multiple product vulnerabilities were identified in Moxa’s PT-7528 and PT-7828 Series Ethernet Switches. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item Vulnerability Type Impact
1 Stack-based buffer overflow (CWE-121) The attacker may execute arbitrary codes or target the device to cause it to go out of service.
2 Use of a broken or risky cryptographic algorithm (CWE-327) Using a weak cryptographic algorithm may allow confidential information to be disclosed.
3 Use of a broken or risky cryptographic algorithm (CWE-327) Improper implementation of the cryptographic function may allow confidential information to be disclosed.
4 Use of a hard-coded cryptographic key (CWE-321) Using a hard-coded cryptographic key increases the possibility that confidential data can be recovered.
5 Use of a hard-coded password (CWE-798) A user with malicious intent may gain access to the system without proper authentication.
6 Weak password requirements (CWE-521) A user with malicious intent may try to retrieve credentials by using brute force.
7 Information exposure (CWE-200) A user with malicious intent could steal sensitive information by performing a zero-day attack.
AFFECTED PRODUCTS AND SOLUTIONS

Affected Products:

The affected products and firmware versions are shown below.

oduct Series Affected Versions
PT-7528 Series Firmware Version 4.0 or lower
PT-7828 Series Firmware Version 3.9 or lower

 

Solutions:

Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.

Product Series Solutions
PT-7528 Series Please contact Moxa Technical Support for a security patch.

For vulnerabilities 2, 3, 4, and 5 we recommend that our customers apply the security patch and then Enable Account Login Failure Lockout functions to eliminate any potential risk.
PT-7828 Series Please contact Moxa Technical Support for a security patch.

For vulnerabilities 2, 3, 4, and 5 we recommend that our customers apply the security patch and then Enable Account Login Failure Lockout functions to eliminate any potential risk.

 

Acknowledgment:

We would like to express our appreciation to Ilya Karpov and Evgeniy Druzhinin of Rostelecom-Solar, and Georgy Zaytsev of Positive Technologies for reporting the vulnerabilities, working with us to help enhance the security of our products, and helping us provide a better service to our customers.

 

Revision History:

VERSION DESCRIPTION RELEASE DATE
1.0 First Release Sep 25, 2019

Relevant Products

PT-7528 Series · PT-7828 Series ·

  •   Print this page
  • You can manage and share your saved list in My Moxa
Let’s get that fixed

If you are concerned about a potential cybersecurity vulnerability, please contact us and one of technical support staff will get in touch with you.

Report a Vulnerability
Added To Bag