Today the DHS ICS-CERT published a new control system security advisory for the Moxa Industrial Ethernet Switch PT-7728 series. The advisory describes an improper authorization vulnerability in the switch. The vulnerability was reported by Can Demirel. Moxa has produced an update to mitigate the vulnerability. Demirel has been provided an opportunity to verify the efficacy of the fix.
ICS-CERT reports that crafting an exploit for this remotely accessible vulnerability would require the use of a local proxy to interrupt traffic and update the switch configuration.