Industrial networks exposed to attack by faulty Moxa devices


  • Moxa found two flaws affecting cellular router models, secure routers, and network security equipment
  • One of the bugs was deemed critical since it allowed for RCE
  • Patches are already available, so update now

Moxa, a global powerhouse in industrial networking, computing, and communications gear, has recently addressed two vulnerabilities impacting different cellular router models, secure routers, and network security gear.

Since one of the vulnerabilities is deemed critical, and can be abused remotely to devastating effect, Moxa urged its users to apply the fixes immediately.

In a security advisory, Moxa said it released patches for CVE-2024-9138 and CVE-2024-9140. The first one is due to hardcoded credentials, allowing threat actors to elevate privileges and gain root-level access. It was given a severity score of 8.6, and was said to affect ten models. Those include EDR-810 Series, EDR-8010 Series, and EDR-G902 Series.

Moxa devices targeted

The second vulnerability is more severe, allowing threat actors to exploit special characters to bypass input restrictions. As a result, they could be allowed to run arbitrary commands remotely which, in turn, could lead to full device takeover.

This bug was given a severity score of 9.8 (critical), and was said to affect a somewhat smaller list of devices. Among others, it includes EDR-G9004 Series, EDR-G9010 Series, and EDF-G1002-BP Series.

Moxa released different patches for different models and firmware versions, and added that the MRC-1002 Series, TN-5900 Series, and OnCell 3120-LTE-1 Series endpoints were not vulnerable to either bug.

It also offered a set of mitigations for those unable to apply the patch immediately. These include:

  • Minimizing network exposure to ensure the device is not accessible from the Internet.
  • Limiting SSH access to trusted IP addresses and networks using firewall rules or TCP wrappers.
  • Implementing an Intrusion Detection System (IDS) or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. “These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks,” the company said.
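
As an added illustration of the SSH mitigation above (not from Moxa's advisory or the original article), this Python example audits an `iptables-save` ruleset from an upstream Linux firewall and reports ACCEPT rules that admit TCP/22 from outside a trusted management network. The ruleset, the addresses, and the names `audit_ssh_rules`, `covers_ssh` and `TRUSTED` are constructed assumptions, and only IPv4-style rules are considered.

```python
import ipaddress
import shlex

# Constructed iptables-save sample for an upstream firewall (not from the article).
SAMPLE_RULES = """\
*filter
:FORWARD DROP [0:0]
-A FORWARD -s 10.20.0.0/24 -d 192.0.2.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -d 192.0.2.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -s 203.0.113.0/24 -p tcp -m multiport --dports 22,443 -j ACCEPT
-A FORWARD -s 10.20.0.5/32 -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
"""
TRUSTED = [ipaddress.ip_network("10.20.0.0/16")]  # assumed management network


def covers_ssh(spec):
    """True if a --dport/--dports value (ports and lo:hi ranges) includes 22."""
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        if int(lo or 0) <= 22 <= int(hi or lo):
            return True
    return False


def audit_ssh_rules(ruleset, trusted):
    """Return ACCEPT rules that admit SSH from outside the trusted networks."""
    findings = []
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        opts = dict(zip(tok, tok[1:]))  # each option mapped to the token after it
        if not tok or tok[0] != "-A" or opts.get("-j") != "ACCEPT":
            continue
        ports = opts.get("--dport") or opts.get("--dports")
        if opts.get("-p", "all") not in ("tcp", "all"):
            continue  # rule cannot match SSH
        if ports is not None and not covers_ssh(ports):
            continue  # restricted to other ports
        src = ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"), strict=False)
        ok = any(src.version == t.version and src.subnet_of(t) for t in trusted)
        if "!" in tok or not ok:  # negated matches are reported for manual review
            findings.append(line)
    return findings


if __name__ == "__main__":
    for rule in audit_ssh_rules(SAMPLE_RULES, TRUSTED):
        print("SSH reachable from untrusted source:", rule)
```

On the constructed sample, the rule with no source restriction and the rule sourced from 203.0.113.0/24 are reported; the two rules limited to the management network or to port 443 are not.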

The entire list of affected endpoints can be found in Moxa's advisory.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
