Critical Security Vulnerabilities Detected in Moxa Industrial Devices

January 6, 2025

Moxa, a company specializing in industrial networking and communication solutions, has alerted its customers about two significant security vulnerabilities affecting several of its device models. These vulnerabilities, identified as CVE-2024-9138 and CVE-2024-9140, could potentially allow remote attackers to gain root privileges on the vulnerable devices and execute arbitrary commands. This could lead to the execution of arbitrary code.

Moxa devices are typically deployed in environments that involve industrial automation and control systems, including those in the transportation, utilities and energy, and telecommunications sectors. The vulnerabilities, therefore, pose a significant risk to these critical infrastructure sectors.

The first vulnerability, CVE-2024-9138, involves hard-coded credentials that could allow authenticated users to escalate their privileges to root. This vulnerability has been assigned a high severity score of 8.6. The second vulnerability, CVE-2024-9140, is an OS command injection flaw that can lead to arbitrary code execution. This flaw, which can be exploited by remote attackers, has been assigned a critical severity score of 9.3.

In response to these vulnerabilities, Moxa has released firmware updates that address the issues. The company has strongly recommended that its customers take immediate action to install these updates and mitigate the risks associated with the vulnerabilities.

Several Moxa devices are impacted by both vulnerabilities. Additionally, the EDR-810 Series on firmware 5.12.37 and older, EDR-G902 Series on firmware 5.7.25 and older, and TN-4900 Series on firmware 3.13 and older are vulnerable only to CVE-2024-9138. Users of EDR-8010 Series, EDR-G9004 Series, EDR-G9010, and EDF-G1002-BP Series are advised to upgrade to the firmware version 3.14, released on December 31, 2024, to address the problem.

For certain devices, such as the OnCell G4302-LTE4 Series and TN-4900 Series, administrators are advised to contact Moxa support for guidance on patching. For the NAT-102 Series, no patch is currently available, and administrators are recommended to apply mitigations. Moxa has suggested limiting the device’s network exposure and SSH access and using firewalls, IDS, or an Intrusion Prevention System (IPS) to monitor and block exploitation attempts.

The advisory explicitly mentions that the MRC-1002 Series, TN-5900 Series, and OnCell 3120-LTE-1 Series devices are not vulnerable to either flaw.

Latest News

Like what you see?

Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.

Subscribe Below

By submitting this form, you’re giving us permission to email you. You may unsubscribe at any time.

Accelerate Security Teams

Continuously identify and prioritize the risks that are most critical in your environment, and validate that your remediation efforts are reducing risk. An always-on single source-of-truth of your assets, services, and vulnerabilities.