CVE-2024-7695

Out-of-bounds Write Vulnerability

Description

Multiple switches are affected by an out-of-bounds write vulnerability. This vulnerability is caused by insufficient input validation, which allows data to be written to memory outside the bounds of the buffer. Successful exploitation of this vulnerability could result in a denial-of-service attack.

Remediation

Solution:

  • Please refer to the security advisories: * CVE-2024-7695: Out-of-bounds Write Vulnerability Identified in Multiple PT Switches https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240162-cve-2024-7695-out-of-bounds-write-vulnerability-identified-in-multiple-pt-switches * CVE-2024-7695: Out-of-bounds Write Vulnerability in Multiple EDS, ICS, IKS, and SDS Switches https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240163-cve-2024-7695-out-of-bounds-write-vulnerability-in-multiple-eds,-ics,-iks,-and-sds-switches * CVE-2024-7695: Out-of-bounds Write Vulnerability Identified in EN 50155 Switches

Workaround:

  • To mitigate the risks associated with this vulnerability, we recommend the following actions: * Disable Moxa Service and Moxa Service (Encrypted) temporarily if they are not required for operations. This will minimize potential attack vectors until a patch or updated firmware is applied.

Category

8.7
CVSS
Severity: High
CVSS 4.0 •
CVSS 3.1 •
EPSS 0.07%
Vendor Advisory moxa.com Vendor Advisory moxa.com Vendor Advisory moxa.com
Affected: Moxa PT-7728 Series
Affected: Moxa PT-7828 Series
Affected: Moxa PT-G503 Series
Affected: Moxa PT-G510 Series
Affected: Moxa PT-G7728 Series
Affected: Moxa PT-G7828 Series
Affected: Moxa EDS-608 Series
Affected: Moxa EDS-611 Series
Affected: Moxa EDS-616 Series
Affected: Moxa EDS-619 Series
Affected: Moxa EDS-405A Series
Affected: Moxa EDS-408A Series
Affected: Moxa EDS-505A Series
Affected: Moxa EDS-508A Series
Affected: Moxa EDS-510A Series
Affected: Moxa EDS-516A Series
Affected: Moxa EDS-518A Series
Affected: Moxa EDS-G509 Series
Affected: Moxa EDS-P510 Series
Affected: Moxa EDS-P510A Series
Affected: Moxa EDS-510E Series
Affected: Moxa EDS-518E Series
Affected: Moxa EDS-528E Series
Affected: Moxa EDS-G508E Series
Affected: Moxa EDS-G512E Series
Affected: Moxa EDS-G516E Series
Affected: Moxa EDS-P506E Series
Affected: Moxa ICS-G7526A Series
Affected: Moxa ICS-G7528A Series
Affected: Moxa ICS-G7748A Series
Affected: Moxa ICS-G7750A Series
Affected: Moxa ICS-G7752A Series
Affected: Moxa ICS-G7826A Series
Affected: Moxa ICS-G7828A Series
Affected: Moxa ICS-G7848A Series
Affected: Moxa ICS-G7850A Series
Affected: Moxa ICS-G7852A Series
Affected: Moxa IKS-G6524A Series
Affected: Moxa IKS-6726A Series
Affected: Moxa IKS-6728A Series
Affected: Moxa IKS-G6824A Series
Affected: Moxa SDS-3006 Series
Affected: Moxa SDS-3008 Series
Affected: Moxa SDS-3010 Series
Affected: Moxa SDS-3016 Series
Affected: Moxa SDS-G3006 Series
Affected: Moxa SDS-G3008 Series
Affected: Moxa SDS-G3010 Series
Affected: Moxa SDS-G3016 Series
Affected: Moxa TN-G4500 Series
Affected: Moxa TN-G6500 Series
Published at:
Updated at:

References

Link Tags
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240162-cve-2024-7695-out-of-bounds-write-vulnerability-identified-in-multiple-pt-switches vendor advisory
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240163-cve-2024-7695-out-of-bounds-write-vulnerability-in-multiple-eds,-ics,-iks,-and-sds-switches vendor advisory
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240164-cve-2024-7695-out-of-bounds-write-vulnerability-identified-in-en-50155-switches vendor advisory

Frequently Asked Questions

What is the severity of CVE-2024-7695?
CVE-2024-7695 has been scored as a high severity vulnerability.
How to fix CVE-2024-7695?
To fix CVE-2024-7695: Please refer to the security advisories: * CVE-2024-7695: Out-of-bounds Write Vulnerability Identified in Multiple PT Switches https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240162-cve-2024-7695-out-of-bounds-write-vulnerability-identified-in-multiple-pt-switches * CVE-2024-7695: Out-of-bounds Write Vulnerability in Multiple EDS, ICS, IKS, and SDS Switches https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240163-cve-2024-7695-out-of-bounds-write-vulnerability-in-multiple-eds,-ics,-iks,-and-sds-switches * CVE-2024-7695: Out-of-bounds Write Vulnerability Identified in EN 50155 Switches
Is CVE-2024-7695 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-7695 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-7695?
CVE-2024-7695 affects Moxa PT-7728 Series, Moxa PT-7828 Series, Moxa PT-G503 Series, Moxa PT-G510 Series, Moxa PT-G7728 Series, Moxa PT-G7828 Series, Moxa EDS-608 Series, Moxa EDS-611 Series, Moxa EDS-616 Series, Moxa EDS-619 Series, Moxa EDS-405A Series, Moxa EDS-408A Series, Moxa EDS-505A Series, Moxa EDS-508A Series, Moxa EDS-510A Series, Moxa EDS-516A Series, Moxa EDS-518A Series, Moxa EDS-G509 Series, Moxa EDS-P510 Series, Moxa EDS-P510A Series, Moxa EDS-510E Series, Moxa EDS-518E Series, Moxa EDS-528E Series, Moxa EDS-G508E Series, Moxa EDS-G512E Series, Moxa EDS-G516E Series, Moxa EDS-P506E Series, Moxa ICS-G7526A Series, Moxa ICS-G7528A Series, Moxa ICS-G7748A Series, Moxa ICS-G7750A Series, Moxa ICS-G7752A Series, Moxa ICS-G7826A Series, Moxa ICS-G7828A Series, Moxa ICS-G7848A Series, Moxa ICS-G7850A Series, Moxa ICS-G7852A Series, Moxa IKS-G6524A Series, Moxa IKS-6726A Series, Moxa IKS-6728A Series, Moxa IKS-G6824A Series, Moxa SDS-3006 Series, Moxa SDS-3008 Series, Moxa SDS-3010 Series, Moxa SDS-3016 Series, Moxa SDS-G3006 Series, Moxa SDS-G3008 Series, Moxa SDS-G3010 Series, Moxa SDS-G3016 Series, Moxa TN-G4500 Series, Moxa TN-G6500 Series.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.