Critical vulnerabilities discovered in Moxa’s industrial networking devices could allow privilege escalation and OS command injection, exposing critical infrastructure to potential cyberattacks.
In a security advisory, Moxa said that affected models include EDR and TN series routers widely used in industrial automation, energy, and telecommunications.
Successful exploitation could grant attackers control over devices, posing a significant risk to operational systems.
- CVE-2024-9138 with a high severity score of 8.6: This vulnerability involves hard-coded credentials, which could allow an authenticated user to escalate privileges and gain root-level access to the system.
- CVE-2024-9140 with a critical severity score of 9.3: This vulnerability allows attackers to exploit special characters to bypass input restrictions, potentially leading to unauthorized command execution.
The Impact
According to Moxa, the identified vulnerability types and potential impacts are as follows:
CWE-656: Reliance on Security Through Obscurity (CVE-2024-9138). The exploitation of hard-coded credentials could allow an authenticated user to gain root-level access, leading to system compromise, unauthorized modifications, data exposure, or service disruption.
CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) (CVE-2024-9140). The impact here could be more severe, as the affected product permits OS command injection through improperly restricted commands, potentially allowing malicious actors to execute arbitrary code.
Immediate Action Needed
Immediate action is strongly recommended to prevent potential exploitation and mitigate these risks.
Moxa has responded by releasing firmware updates for several models and advising immediate implementation of mitigation measures.
Moxa advises upgrading the following product series to firmware version 3.14 or later: EDR-810 Series, EDR-8010 Series, EDR-G902 Series, EDR-G903 Series, EDR-G9004 Series, EDR-G9010 Series, and the EDF-G1002-BP Series.
For the OnCell G4302-LTE4 Series and the TN-4900 Series, Moxa asks users to contact its Technical Support for the security patch.
There is currently no official patch or firmware update available for the NAT-102 Series, and Moxa recommends several mitigation measures to address the vulnerability.
First, minimize network exposure so that the device is not accessible from the Internet, and limit SSH access to trusted IP addresses and networks using firewall rules or TCP wrappers.
Finally, Moxa says to implement an Intrusion Detection System (IDS) or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks.
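As an added example (not from Moxa or the original article), the following Python triages an asset inventory against the remediation guidance above. The inventory columns (`host`, `series`, `firmware`), the sample rows, the action labels, and the treatment of any firmware below 3.14 as needing the upgrade are assumptions.

```python
import csv
import io

# Remediation guidance as summarized in the article above.
UPGRADE_SERIES = {"EDR-810", "EDR-8010", "EDR-G902", "EDR-G903",
                  "EDR-G9004", "EDR-G9010", "EDF-G1002-BP"}
SUPPORT_SERIES = {"OnCell G4302-LTE4", "TN-4900"}   # patch via Technical Support
MITIGATE_SERIES = {"NAT-102"}                       # no patch available
FIXED_VERSION = (3, 14)

def parse_version(text):
    """Turn '3.9', 'v3.14' or '3.14.1' into a tuple of ints.

    Comparing tuples avoids the string-comparison trap where '3.9' > '3.14'.
    """
    return tuple(int(part) for part in text.strip().lstrip("vV").split("."))

def triage(series, firmware):
    """Map one device to the action the advisory calls for."""
    if series in SUPPORT_SERIES:
        return "contact-support"
    if series in MITIGATE_SERIES:
        return "mitigate"
    if series not in UPGRADE_SERIES:
        return "not-listed"
    try:
        version = parse_version(firmware)
    except ValueError:
        return "check-version"      # unreadable version: verify by hand
    # Assumption: any release below 3.14 needs the upgrade.
    return "ok" if version >= FIXED_VERSION else "upgrade"

def triage_inventory(csv_text):
    """Return (host, action) pairs for a CSV with host, series, firmware columns."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [(r["host"], triage(r["series"].strip(), r["firmware"])) for r in rows]

# Constructed sample inventory (hosts and versions are made up).
SAMPLE = """host,series,firmware
rtr-plant-a,EDR-810,3.9
rtr-plant-b,EDR-G9010,v3.14
rtr-sub-01,EDR-8010,3.14.1
rtr-sub-02,EDR-G903,unknown
gw-cell-01,OnCell G4302-LTE4,3.10
nat-line-3,NAT-102,1.0.5
other-dev,Other-Vendor-X,3.8
"""

if __name__ == "__main__":
    for host, action in triage_inventory(SAMPLE):
        print(f"{host:12} {action}")
```

Devices reported as `mitigate` are the ones that depend on the network-exposure, SSH restriction and IDS/IPS measures listed above.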
Review Systems Now
Unpatched devices could serve as entry points for advanced persistent threats (APTs), with potential to disrupt essential services. Industrial operators are strongly encouraged to review their systems, apply updates, and adopt additional protective measures, such as isolating vulnerable devices and deploying firewalls.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.