CISA has published an advisory on stack-based buffer overflow, use of a broken or risky cryptographic algorithm, use of hard-coded cryptographic key, use of hard-coded credentials, weak password requirements, and information exposure vulnerabilities in Moxa PT-7528 Series and PT-7828 Series Ethernet Switches. For Moxa PT-7528 Series, versions 4.0 and lower are affected. For Moxa PT-7828 Series, versions 3.9 and lower are affected. Successful exploitation of these vulnerabilities could crash the device or allow access to sensitive information. Moxa has developed a solution to address these vulnerabilities. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.