Moxa EDS-G516E and EDS-510E Series Ethernet Switches (ICSA-20-056-04) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on stack-based buffer overflow, use of a broken or risky cryptographic algorithm, use of hard-coded cryptographic key, use of hard-coded credentials, classic buffer overflow, cleartext transmission of sensitive information, and weak password requirements in Moxa EDS-G516E and EDS-510E Series Ethernet Switches. For both series, versions 5.2 and lower are affected. Successful exploitation of these vulnerabilities could crash the device, execute arbitrary code, and allow access to sensitive information. Moxa has developed solutions to address the vulnerabilities. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.