CVE-2024-7695

High

Published: 29 January 2025

Published

29 January 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score 0.0029 52.5th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-7695 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Moxa (inferred from references). Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked in the top 47.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Application or System Exploitation (T1499.004). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly addresses the root cause of insufficient input validation that enables out-of-bounds writes in the Moxa switches.

SI-16 Memory Protection good match

prevent

Implements memory safeguards to protect against unauthorized out-of-bounds writes that could crash the affected switches.

SI-2 Flaw Remediation good match

prevent

Ensures timely identification, patching, and verification of the specific out-of-bounds write flaw as detailed in Moxa security advisories.

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact

Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

attack.mitre.org →

Why these techniques?

Out-of-bounds write enables remote unauthenticated exploitation to crash the device, directly mapping to application/system exploitation for DoS.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Multiple switches are affected by an out-of-bounds write vulnerability. This vulnerability is caused by insufficient input validation, which allows data to be written to memory outside the bounds of the buffer. Successful exploitation of this vulnerability could result in a…

denial-of-service attack.

Deeper analysisAI

CVE-2024-7695 is an out-of-bounds write vulnerability (CWE-787) affecting multiple Moxa industrial switches due to insufficient input validation, which enables data to be written outside the intended buffer boundaries. The impacted products include PT-series switches, as well as EDS-, ICS-, IKS-, and SDS-series switches, and EN-50155 certified switches. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to its potential for availability disruption.

A remote, unauthenticated attacker can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation allows the attacker to trigger a denial-of-service condition by causing the affected switch to crash or become unresponsive, disrupting network operations without impacting confidentiality or integrity.

Moxa has published security advisories detailing the vulnerability across the affected product lines, including MPSA-240162 for PT switches, MPSA-240163 for EDS/ICS/IKS/SDS switches, and MPSA-240164 for EN-50155 switches. These advisories provide guidance on mitigation, though specific patch or workaround details are available in the referenced documents.