Introduction
Moxa has released a security advisory addressing critical vulnerabilities in its industrial networking devices, specifically affecting the EDR and TN series routers [6], cellular routers [3] [4] [5] [7] [8], and network security appliances [1] [2] [3] [4] [5] [7]. These vulnerabilities, identified as CVE-2024-9138 and CVE-2024-9140 [5] [8], pose significant security risks and require immediate attention and action from users to mitigate potential threats.
Description
Moxa has issued a security advisory regarding critical vulnerabilities affecting its industrial networking devices, including the EDR and TN series routers [6], as well as its cellular routers and network security appliances. The vulnerabilities are identified as CVE-2024-9138 [1] [2] [3] [4] [5] [6] [7] [8] [9] and CVE-2024-9140.
CVE-2024-9138, which has a severity score of 8.6 according to CVSS 4.0 and 7.2 according to CVSS 3.1, involves hard-coded credentials that could allow an authenticated user to escalate privileges and gain root-level access [4] [6] [7] [8] [9]. This poses significant risks [5], including system compromise [6], unauthorized modifications [4] [6], data exposure [1] [4] [6], and service disruptions, all stemming from reliance on security through obscurity [6].
The second vulnerability, CVE-2024-9140 [1] [2] [3] [4] [5] [6] [7] [8] [9], is rated critical [2], with a severity score of 9.8 based on CVSS 3.1 and 9.3 according to CVSS 4.0. It is an OS command injection flaw: unauthenticated users can bypass input restrictions with special characters, potentially enabling attackers to execute arbitrary code and gain full control of the device. This vulnerability affects a range of devices [8], including the EDR-810 Series (firmware version 5.12.37 and earlier) [4], EDR-8010 Series (firmware version 3.13.1 and earlier) [4], EDR-G902 Series (firmware version 5.7.25 and earlier) [4], EDR-G9004 Series [4] [8], EDR-G9010 Series [4] [8], EDF-G1002-BP Series [1] [4] [5] [6] [8], and OnCell G4302-LTE4 wireless broadband communication routers [1]. The TN-4900 series railway vehicle routers are also impacted [1].
Moxa has confirmed that the MRC-1002 Series [4], TN-5900 Series [1] [3] [4] [6] [8], and OnCell 3120-LTE-1 Series are not affected by these vulnerabilities [4] [5]. For the impacted products, Moxa has released firmware updates [4] [5] [6] [9], specifically advising users to upgrade to version 3.14 or later, which was made available on December 31, 2024. However, some products [1] [3], including the NAT-102 Series [1] [3] [4] [8], currently lack publicly available patches [3]. Affected users are directed to contact Moxa for support or refer to the mitigations section until a patch becomes available.
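The series names and "and earlier" firmware bounds above can be turned into an inventory triage. The following is an added example, not code from Moxa or the cited articles: the function names, hostnames and sample inventory are constructed, and series for which this article states no version bound are flagged for a manual check against Moxa's advisory rather than guessed.

```python
import re

# "and earlier" firmware bounds exactly as stated in this article (CVE-2024-9140).
AFFECTED_UP_TO = {"EDR-810": (5, 12, 37), "EDR-8010": (3, 13, 1), "EDR-G902": (5, 7, 25)}
# Named as impacted, but the article gives no version bound for them.
AFFECTED_NO_BOUND = {"EDR-G9004", "EDR-G9010", "EDF-G1002-BP", "OnCell G4302-LTE4", "TN-4900"}
NO_PUBLIC_PATCH = {"NAT-102"}
NOT_AFFECTED = {"MRC-1002", "TN-5900", "OnCell 3120-LTE-1"}

def parse_version(text):
    """Turn '5.12.37' or 'v3.13' into a 3-int tuple, padding with zeros."""
    parts = [int(p) for p in re.findall(r"\d+", text)][:3]
    if not parts:
        raise ValueError(f"no version number in {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def triage(series, firmware):
    """Classify one device by series and firmware string."""
    if series in NOT_AFFECTED:
        return "not affected"
    if series in NO_PUBLIC_PATCH:
        return "no public patch: mitigate and contact Moxa"
    if series in AFFECTED_NO_BOUND:
        return "affected series: check Moxa advisory for fixed version"
    if series not in AFFECTED_UP_TO:
        return "series not named in article"
    try:
        version = parse_version(firmware)
    except ValueError:
        return "unknown firmware: verify manually"
    # Tuple comparison is numeric per component, so 5.7.9 < 5.7.25
    # (a plain string comparison would get this wrong).
    if version <= AFFECTED_UP_TO[series]:
        return "affected: upgrade firmware"
    return "above affected range"

# Constructed sample inventory: (hostname, series, reported firmware).
INVENTORY = [
    ("rtr-01", "EDR-810", "5.12.37"), ("rtr-02", "EDR-810", "5.13"),
    ("rtr-03", "EDR-G902", "5.7.9"), ("rtr-04", "NAT-102", "1.0.5"),
    ("rtr-05", "TN-5900", "3.3"), ("rtr-06", "EDR-8010", ""),
]

def report(inventory):
    return {host: triage(series, fw) for host, series, fw in inventory}

if __name__ == "__main__":
    for host, verdict in report(INVENTORY).items():
        print(f"{host}: {verdict}")
```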
Immediate action is recommended to mitigate these risks and prevent exploitation. Organizations are strongly advised to apply the available patches without delay. To further reduce exposure [4], Moxa recommends limiting network accessibility by ensuring devices are not exposed to the internet [4], restricting SSH access to trusted IP addresses [1] [3] [4] [8], and implementing intrusion detection or prevention systems (IDS/IPS) to monitor for attack attempts [4].
The vulnerabilities were reported to Moxa under responsible disclosure by security researcher Lars Haulin [4]. Cybersecurity experts emphasize the importance of timely updates in industrial environments [4], noting that while there is no indication of active exploitation of these vulnerabilities [2], proactive patch management is crucial to prevent potential exploitation [4]. Unpatched devices may serve as entry points for advanced persistent threats (APTs) [6], potentially disrupting essential services [6]. Industrial operators are encouraged to review their systems [6], apply updates [6], and adopt additional protective measures [6], such as isolating vulnerable devices and deploying firewalls [6].
Conclusion
The vulnerabilities identified in Moxa’s industrial networking devices underscore the critical need for immediate action to prevent potential exploitation. Users are urged to apply the recommended patches and follow Moxa’s guidelines to limit network exposure. The proactive management of these vulnerabilities is essential to safeguard against advanced persistent threats and ensure the continued security and reliability of industrial operations. Future vigilance and timely updates will be crucial in maintaining robust cybersecurity defenses.
References
[1] https://www.ithome.com.tw/news/166842
[2] https://fieldeffect.com/blog/moxa-addresses-vulnerabilities-in-its-industrial-routers
[3] https://cyberscoop.com/industrial-networking-manufacturer-moxa-reports-critical-router-bugs/
[4] https://www.infosecurity-magazine.com/news/moxa-urges-updates-security/
[5] https://cybermaterial.com/moxa-issues-critical-vulnerability-warning/
[6] https://informationsecuritybuzz.com/moxa-devices-vulnerable-to-cyberattack/
[7] https://www.waterisac.org/portal/otics-vulnerability-awareness-%E2%80%93-two-critical-vulnerabilities-found-moxa-industrial-devices
[8] https://www.techradar.com/pro/security/industrial-networks-exposed-to-attack-by-faulty-moxa-devices
[9] https://securityaffairs.com/172770/ics-scada/moxa-router-flaws-risks-to-industrial-environmets.html




