Vulnerable Moxa Devices Expose Industrial Networks to Attacks
Summary:
Moxa, a provider of industrial networking solutions, has issued an urgent advisory regarding two severe vulnerabilities affecting several models of its cellular routers, secure routers, and network security appliances. These vulnerabilities allow remote attackers to gain root access and execute arbitrary commands, potentially leading to arbitrary code execution. The first vulnerability, CVE-2024-9138 (high severity, 8.6), involves hard-coded credentials that enable authenticated users to escalate privileges to root. The second, CVE-2024-9140 (critical severity, 9.3), is an OS command injection flaw caused by improper input restrictions, making it particularly dangerous as it can be exploited remotely.
Security Officer Comments:
The vulnerabilities impact multiple device models, including the EDR-8010, EDR-G9004, EDR-G9010, EDF-G1002-BP, NAT-102, OnCell G4302-LTE4, and TN-4900 series, depending on firmware versions. Certain devices, such as the EDR-810, EDR-G902, and older firmware of TN-4900, are only affected by CVE-2024-9138. Moxa has released firmware updates to address these issues, such as version 3.14 for the EDR series, available on their bulletin. Users of OnCell G4302-LTE4 and TN-4900 are advised to contact Moxa support for patching guidance, while administrators of NAT-102 devices, for which no patch is currently available, are encouraged to apply mitigations such as limiting network exposure, restricting SSH access, and deploying firewalls or intrusion detection/prevention systems.
Suggested Corrections:
- Minimize network exposure to ensure the device is not accessible from the Internet.
- Limit SSH access to trusted IP addresses and networks using firewall rules or TCP wrappers.
- Implement an Intrusion Detection System (IDS) or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks.
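
One way to check the first two mitigations against an upstream firewall rule set, as an added example that is not part of the Moxa advisory or the original article. The device name, addresses, trusted subnet and ACL rules are constructed sample values, and the rule format is an assumption.

```python
import ipaddress as ip

# Constructed sample data: every address, name and rule below is illustrative.
TRUSTED_SSH = [ip.ip_network("10.20.0.0/24")]              # assumed admin subnet
INTERNAL = [ip.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
DEVICES = {"nat-102-lab": ip.ip_address("192.168.50.10")}  # hypothetical device

# Upstream firewall ACL: (action, source CIDR, destination CIDR, TCP port or None = any)
RULES = [
    ("allow", "10.20.0.0/24", "192.168.50.0/24", 22),
    ("allow", "10.0.0.0/8", "192.168.50.10/32", 22),
    ("allow", "0.0.0.0/0", "192.168.50.10/32", 443),
    ("deny", "0.0.0.0/0", "0.0.0.0/0", None),
]

def within(net, allowed):
    """True if net lies entirely inside one of the allowed networks."""
    return any(net.subnet_of(a) for a in allowed)

def audit(rules, devices, trusted=TRUSTED_SSH, internal=INTERNAL):
    """Return (device, rule index, finding) for each allow rule that breaks a mitigation.

    Conservative lint: each allow rule is judged on its own, so an allow that an
    earlier deny would shadow is still reported for manual review.
    """
    findings = []
    for idx, (action, src, dst, port) in enumerate(rules):
        if action != "allow":
            continue
        src_net, dst_net = ip.ip_network(src), ip.ip_network(dst)
        for name, addr in devices.items():
            if addr not in dst_net:
                continue
            # Mitigation 1: the device must not be reachable from the Internet.
            if not within(src_net, internal):
                findings.append((name, idx, "reachable-from-internet"))
            # Mitigation 2: SSH only from trusted addresses and networks.
            if port in (22, None) and not within(src_net, trusted):
                findings.append((name, idx, "ssh-from-untrusted-source"))
    return findings

if __name__ == "__main__":
    for name, idx, finding in audit(RULES, DEVICES):
        print(f"{name}: rule {idx} {RULES[idx][1:]} -> {finding}")
```
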
Products That Are Not Vulnerable
Only the products listed in the Affected Products section of this advisory are known to be affected by these vulnerabilities. Moxa has confirmed that these vulnerabilities do not affect the following products:
- MRC-1002 Series
- TN-5900 Series
- OnCell 3120-LTE-1 Series
Link(s):
https://www.bleepingcomputer.com/ne...evices-expose-industrial-networks-to-attacks/