Vulnerable Moxa devices expose industrial networks to attacks

Industrial networking and communications provider Moxa is warning of a high-severity and a critical vulnerability that impact various models of its cellular routers, secure routers, and network security appliances.

The two security issues allow remote attackers to get root privileges on vulnerable devices and to execute arbitrary commands, which could lead to arbitrary code execution.

Risks on Moxa routers

Moxa devices are used in environments with industrial automation and control systems from transportation, utilities and energy, and telecommunications sectors.

On Friday, the vendor issued an urgent warning for the following two vulnerabilities:

CVE-2024-9138 (8.6, high severity score): Hard-coded credentials that enable authenticated users to escalate privileges to root

CVE-2024-9140 (9.3, critical severity score): OS command injection flaw caused by improperly restricted input, leading to arbitrary code execution

The second flaw is particularly dangerous because it can be exploited by remote attackers.

Moxa has released firmware updates that address the vulnerabilities and notes that “immediate action is strongly recommended to prevent potential exploitation and mitigate these risks.”

The following devices are impacted by both CVE-2024-9140 and CVE-2024-9138:

  • EDR-8010 Series on firmware 3.13.1 and earlier
  • EDR-G9004 Series on firmware 3.13.1 and earlier
  • EDR-G9010 Series on firmware 3.13.1 and earlier
  • EDF-G1002-BP Series on firmware 3.13.1 and earlier
  • NAT-102 Series on firmware 1.0.5 and earlier
  • OnCell G4302-LTE4 Series on firmware 3.13 and earlier
  • TN-4900 Series on firmware 3.13 and earlier

Additionally, EDR-810 Series on firmware 5.12.37 and older, EDR-G902 Series on firmware 5.7.25 and older, and TN-4900 Series on firmware 3.13 and older are vulnerable only to CVE-2024-9138.

Users of EDR-8010 Series, EDR-G9004 Series, EDR-G9010, and EDF-G1002-BP Series should upgrade to firmware version 3.14, released on December 31, 2024, to address the problem.

It is advisable to follow the download links for each device model provided on Moxa’s bulletin to obtain the official firmware images.

Admins of OnCell G4302-LTE4 Series and TN-4900 Series are advised to contact Moxa support to receive guidance on patching.

For the NAT-102 Series, there’s currently no patch available, and administrators are advised to apply mitigations.

Moxa suggests limiting the device’s network exposure and SSH access and using firewalls, IDS, or an Intrusion Prevention System (IPS) to monitor and block exploitation attempts.

The advisory explicitly mentions that the MRC-1002 Series, TN-5900 Series, and OnCell 3120-LTE-1 Series devices are not vulnerable to either flaw.
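
To check an asset inventory against the version ranges above, the following added example (not part of the original article or of Moxa's advisory) classifies each device by series and firmware. The inventory rows, hostnames and model suffixes are constructed, and the suffix-matching rule is an assumption about how models are recorded locally.

```python
BOTH = ("CVE-2024-9138", "CVE-2024-9140")
# series -> (highest affected firmware, CVEs, action), transcribed from the article.
# TN-4900 appears in both of its lists; the broader entry is used.
AFFECTED = {
    "EDR-8010": ("3.13.1", BOTH, "upgrade to 3.14"),
    "EDR-G9004": ("3.13.1", BOTH, "upgrade to 3.14"),
    "EDR-G9010": ("3.13.1", BOTH, "upgrade to 3.14"),
    "EDF-G1002-BP": ("3.13.1", BOTH, "upgrade to 3.14"),
    "NAT-102": ("1.0.5", BOTH, "no patch: apply mitigations"),
    "OnCell G4302-LTE4": ("3.13", BOTH, "contact Moxa support"),
    "TN-4900": ("3.13", BOTH, "contact Moxa support"),
    "EDR-810": ("5.12.37", BOTH[:1], "see Moxa bulletin"),   # fix version not in article
    "EDR-G902": ("5.7.25", BOTH[:1], "see Moxa bulletin"),   # fix version not in article
}
NOT_AFFECTED = ("MRC-1002", "TN-5900", "OnCell 3120-LTE-1")

def parse_version(text):
    """'v3.13' -> (3, 13, 0, 0): numeric, so 3.9 sorts below 3.13 and 3.13 == 3.13.0."""
    parts = [int(p) for p in text.strip().lstrip("vV").split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def match_series(model, names):
    """Match 'EDR-G9010-VPN' to series 'EDR-G9010' on a '-' boundary, longest name first."""
    m = model.strip().upper()
    for name in sorted(names, key=len, reverse=True):
        if m == name.upper() or m.startswith(name.upper() + "-"):
            return name
    return None

def triage(model, firmware):
    series = match_series(model, AFFECTED)
    if series is None:
        listed_safe = match_series(model, NOT_AFFECTED)
        return ("not affected", (), "none") if listed_safe else ("not listed", (), "check Moxa bulletin")
    limit, cves, action = AFFECTED[series]
    if parse_version(firmware) <= parse_version(limit):
        return ("vulnerable", cves, action)
    return ("above affected range", (), "none")

# Constructed sample inventory; hostnames and model suffixes are made up.
SAMPLE = [("gw-01", "EDR-G9010-VPN", "3.13.1"), ("gw-02", "EDR-810-2GSFP", "v5.9"),
          ("gw-03", "EDR-8010-2GSFP", "3.14"), ("gw-04", "TN-5900", "3.3")]

def triage_inventory(rows=SAMPLE):
    return {host: triage(model, fw) for host, model, fw in rows}

if __name__ == "__main__":
    for host, result in triage_inventory().items():
        print(host, *result)
```

Versions are compared numerically per component; a plain string comparison would wrongly place firmware 5.9 above 5.12.37.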
