Moxa Industrial Ethernet Switches Security Policy Bypass Vulnerability

CERT-FR

Changeflow GovPing Data Privacy & Cybersecurity Moxa Industrial Ethernet Switches Security Poli...

Routine Notice Added Final

Moxa Industrial Ethernet Switches Security Policy Bypass Vulnerability

CERT-FR Security Advisories

Published April 20th, 2026

Detected April 20th, 2026

Email

Summary

CERT-FR issued advisory CERTFR-2026-AVI-0458 on 20 April 2026 disclosing CVE-2020-11868 in Moxa industrial Ethernet switches. The vulnerability allows an attacker to bypass the security policy of affected devices. Nine PT and PT-G Series product lines with firmware versions below specified thresholds are affected. Users are advised to apply patches referenced in Moxa security bulletin MPSA-258681.

“Une vulnérabilité a été découverte dans les produits Moxa. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.”

— CERT-FR , verbatim from source

Published by CERT-FR on cert.ssi.gouv.fr . Detected, standardized, and enriched by GovPing. Review our methodology and editorial standards .

View original document View source feed page

What changed

CERT-FR published a security advisory disclosing a vulnerability in Moxa industrial networking products. The flaw, tracked as CVE-2020-11868, allows an attacker to bypass security policies on affected devices. Nine product series are affected: PT-508, PT-510, PT-7528, PT-7728, PT-7828, PT-G503, PT-G510, PT-G7728, and PT-G7828, with firmware versions below specified patched releases. This is a routine vulnerability disclosure from a government computer emergency response team.

Affected parties include operators of Moxa industrial Ethernet switches who should identify firmware versions on their networks and apply available patches from Moxa's MPSA-258681 security bulletin. No compliance deadline or enforcement action is associated with this advisory. Organizations using these products in operational technology or industrial control environments should treat this as a standard patch management action.

What to do next

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs

Archived snapshot

Apr 20, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.

Premier Ministre S.G.D.S.N

Agence nationale
de la sécurité des
systèmes d'information

Paris, le 20 avril 2026 N° CERTFR-2026-AVI-0458 Affaire suivie par: CERT-FR

Avis du CERT-FR

Objet: Vulnérabilité dans les produits Moxa

Gestion du document

Risque

Contournement de la politique de sécurité

Systèmes affectés

PT-508 Series versions antérieures à v3.8.12
PT-510 Series versions antérieures à v3.8.12
PT-7528 Series versions antérieures à v5.0.34
PT-7728 Series versions antérieures à v3.9.6
PT-7828 Series versions antérieures à v4.0.8
PT-G503 Series versions antérieures à v5.3.12
PT-G510 Series versions antérieures à v6.5.22
PT-G7728 Series versions antérieures à v6.6
PT-G7828 Series versions antérieures à v6.6

Résumé

Une vulnérabilité a été découverte dans les produits Moxa. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Documentation

Bulletin de sécurité Moxa MPSA-258681 du 20 avril 2026
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-258681-cve-2020-11868-ntp-vulnerability-in-ethernet-switches
Référence CVE CVE-2020-11868
https://www.cve.org/CVERecord?id=CVE-2020-11868

Gestion détaillée du document

le 20 avril 2026 Version initiale

Related changes

Multiples vulnérabilités dans le noyau Linux de SUSE - CERTFR-2026-AVI-0454

Routine Apr 17, 2026 • CERT-FR Security Advisories • Data Privacy & Cybersecurity

Mattermost Server Vulnerability, 4 Affected Versions

Priority review Apr 20, 2026 • CERT-FR Security Advisories • Data Privacy & Cybersecurity

Xen Data Confidentiality Vulnerability (xsa488, CVE-2025-54505)

Priority review Apr 20, 2026 • CERT-FR Security Advisories • Data Privacy & Cybersecurity

Get daily alerts for CERT-FR Security Advisories

Daily digest delivered to your inbox.

Free. Unsubscribe anytime.

Source

CERT-FR Security Advisories cert.ssi.gouv.fr/avis

Data Privacy & Cybersecurity

About this page

What is GovPing?

Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission

What's from the agency?

Source document text, dates, docket IDs, and authority are extracted directly from CERT-FR.

What's AI-generated?

The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.

Last updated

April 20, 2026

Press inquiries →

Classification

Agency

CERT-FR

Published

April 20th, 2026

Instrument

Notice

Branch

Executive

Source language

fr

Legal weight

Non-binding

Stage

Final

Change scope

Minor

Document ID

CERTFR-2026-AVI-0458

Who this affects

Applies to

Manufacturers Technology companies

Industry sector

3341 Computer & Electronics Manufacturing

Activity scope

Vulnerability disclosure Patch management Firmware updates

Geographic scope

France FR

Taxonomy

Primary area

Cybersecurity

Operational domain

IT Security

Topics

Product Safety Data Privacy

Moxa Industrial Ethernet Switches Security Policy Bypass Vulnerability

Summary

What changed

What to do next

Archived snapshot

Avis du CERT-FR

Objet: Vulnérabilité dans les produits Moxa

Gestion du document

Risque

Systèmes affectés

Résumé

Solutions

Documentation

Gestion détaillée du document

Related changes

Source

About this page

Classification

Who this affects

Taxonomy

Browse Categories

Get alerts for this source

Subscribed!