DE
DE EN
DE
DE EN
Kontakt
Anmeldung
Themen
Finanzen & Versicherung
Handel
Industrie
IT & Beratung
Tourismus
Transport
Recht
Öffentlich

Vulnerable Moxa devices expose industrial networks to attacks

0
Teilen:

Industrial networking and communications provider Moxa is warning of a high-severity and a critical vulnerability that impact various models of its cellular routers, secure routers, and network security appliances.

The two seurity issues allow remote attackers to get root privileges on vulnerable devices and to execute arbitrary commands, which could lead to arbitrary code execution.

Risks on Moxa routers

Moxa devices are used in environments with industrial automation and control systems from transportation, utilities and energy, and telecommunications sectors.

On Friday, the vendor issued an urgent warning for the following two vulnerabilities:

CVE-2024-9138 (8.6, high severity score): Hard-coded credentials that enable authenticated users to escalate privileges to root

CVE-2024-9140 (9.3, critical severity score): OS command injection flaw caused by exploiting improper input restrictions, leading to arbitrary code execution

The second flaw is particularly dangerous because it can be exploited by remote attackers.

Moxa has released firmware updates that address the vulnerabilities and notes that “immediate action is strongly recommended to prevent potential exploitation and mitigate these risks.”

The following devices are impacted by both CVE-2024-9140 and CVE-2024-9138:

  • EDR-8010 Series on firmware 3.13.1 and earlier
  • EDR-G9004 Series on firmware 3.13.1 and earlier
  • EDR-G9010 Series on firmware 3.13.1 and earlier
  • EDF-G1002-BP Series    on firmware 3.13.1 and earlier
  • NAT-102 Series on firmware 1.0.5 and earlier
  • OnCell G4302-LTE4 Series on firmware 3.13 and earlier
  • TN-4900 Series on firmware 3.13 and earlier

Additionally, EDR-810 Series on firmware 5.12.37 and older, EDR-G902 Series on firmware 5.7.25 and older, and TN-4900 Series on firmware 3.13 and older are vulnerable only to CVE-2024-9138.

Users of EDR-8010 Series, EDR-G9004 Series, EDR-G9010, and EDF-G1002-BP Series should upgrade to firmware version 3.14, released on December 31, 2024, to address the problem.

It is advisable to follow the download links for each device model provided on Moxa’s bulletin to obtain the official firmware images.

Admins of OnCell G4302-LTE4 Series and TN-4900 Series are advised to contact Moxa support to receive guidance on patching.

For the NAT-102 Series, there’s currently no patch available, and administrators are recommended to apply mitigations.

Moxa suggests limiting the device’s network exposure and SSH access and using firewalls, IDS, or an Intrusion Prevention System (IPS) to monitor and block exploitation attempts.

The advisory explicitly mentions that the MRC-1002 Series, TN-5900 Series, and OnCell 3120-LTE-1 Series devices are not vulnerable to either flaw.

Quelle

Kommentar verfassen

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert

lade-bild
London, GB
4:13 am, Juni 23, 2025
Wetter-Symbol 18°C
L: 17° | H: 18°
broken clouds
Luftfeuchtigkeit: 78 %
Druck: 1009 mb
Wind: 16 mph WSW
Windböe: 0 mph
UV-Index: 0
Niederschlag: 0 mm
Wolken: 75%
Regen Chance: 0%
Sichtbarkeit: 10 km
Sonnenaufgang: 4:43 am
Sonnenuntergang: 9:21 pm
TäglichStündlich
Tägliche VorhersageStündliche Vorhersage
Today 10:00 pm
Wetter-Symbol
17° | 18°°C 0.2 mm 20% 14 mph 76 % 1016 mb 0 mm/h
Tomorrow 10:00 pm
Wetter-Symbol
13° | 22°°C 0.2 mm 20% 13 mph 80 % 1016 mb 0 mm/h
Mi. Juni 25 10:00 pm
Wetter-Symbol
16° | 27°°C 0 mm 0% 9 mph 86 % 1014 mb 0 mm/h
Do. Juni 26 10:00 pm
Wetter-Symbol
18° | 26°°C 0.48 mm 48% 14 mph 84 % 1016 mb 0 mm/h
Fr. Juni 27 10:00 pm
Wetter-Symbol
17° | 28°°C 0 mm 0% 16 mph 72 % 1019 mb 0 mm/h
Today 7:00 am
Wetter-Symbol
16° | 17°°C 0.2 mm 20% 13 mph 76 % 1010 mb 0 mm/h
Today 10:00 am
Wetter-Symbol
18° | 19°°C 0 mm 0% 12 mph 54 % 1012 mb 0 mm/h
Today 1:00 pm
Wetter-Symbol
22° | 22°°C 0 mm 0% 12 mph 34 % 1014 mb 0 mm/h
Today 4:00 pm
Wetter-Symbol
21° | 21°°C 0 mm 0% 14 mph 32 % 1014 mb 0 mm/h
Today 7:00 pm
Wetter-Symbol
22° | 22°°C 0 mm 0% 13 mph 39 % 1014 mb 0 mm/h
Today 10:00 pm
Wetter-Symbol
17° | 17°°C 0 mm 0% 10 mph 53 % 1016 mb 0 mm/h
Tomorrow 1:00 am
Wetter-Symbol
14° | 14°°C 0 mm 0% 8 mph 69 % 1016 mb 0 mm/h
Tomorrow 4:00 am
Wetter-Symbol
13° | 13°°C 0 mm 0% 8 mph 80 % 1015 mb 0 mm/h
Wetter von OpenWeatherMap
Name Preis24H (%)
Bitcoin(BTC)
€88,156.11
-1.22%
Ethereum(ETH)
€1,949.81
-1.40%
Fesseln(USDT)
€0.87
0.00%
XRP(XRP)
€1.76
-2.20%
Solana(SOL)
€115.74
-1.60%
USDC(USDC)
€0.87
0.00%
Dogecoin(DOGE)
€0.132918
-1.33%
Shiba Inu(SHIB)
€0.000010
-1.47%
Pepe(PEPE)
€0.000008
-4.48%
Peanut das Eichhörnchen(PNUT)
€0.218896
13.10%
Risikomonitor
Erkennen und überwachen Sie IT-Schwachstellen mit nur einem Klick, bevor es zu spät ist.

Verbindung zum Dienstprogramm

Nützlicher Link

Newsletter

Folgen Sie uns

Facebook Twitter Youtube Linkedin

© 2025 risikomonitor.com gmbh

Nach oben scrollen