Moxa, a provider of industrial networking and communication solutions, has issued a warning about two high-severity vulnerabilities found in its range of cellular routers, secure routers, and network security appliances. These vulnerabilities, identified as CVE-2024-9138 and CVE-2024-9140, allow remote attackers to escalate privileges and execute arbitrary commands on affected devices. This poses a significant risk to industries relying on Moxa’s equipment, including sectors such as transportation, energy, and telecommunications, where the security and integrity of industrial automation systems are paramount. The vulnerabilities have the potential to allow unauthorized access to sensitive systems, leading to major security breaches.
The first flaw, CVE-2024-9138, is a high-severity issue resulting from hard-coded credentials that allow authenticated users to escalate privileges to root. The second flaw, CVE-2024-9140, is more critical, with a severity score of 9.3, due to an OS command injection vulnerability. This flaw enables attackers to execute arbitrary code remotely, significantly increasing the risk of exploitation. Moxa has highlighted that these vulnerabilities can be exploited by remote attackers, making them especially dangerous as they do not require local access to the devices to trigger the flaws.
Moxa has responded by issuing firmware updates to address both vulnerabilities. For affected devices such as the EDR-8010, EDR-G9004, EDR-G9010, and EDF-G1002-BP Series, the company has released version 3.14 of the firmware on December 31, 2024. However, there is no patch currently available for the NAT-102 Series, and administrators are encouraged to implement mitigations. Other users are advised to contact Moxa support for further assistance regarding patching instructions and guidance. Moxa’s advisory also suggests that users limit the network exposure of the affected devices and apply security measures such as firewalls, IDS, or IPS to detect and block exploitation attempts.
The advisory further specifies which devices are impacted, listing those with firmware versions that are vulnerable to one or both of the flaws. Importantly, Moxa reassured users that certain models, including the MRC-1002 and OnCell 3120-LTE-1 Series, are not affected by either flaw. In addition to patching recommendations, Moxa strongly urges administrators to take immediate action to safeguard their systems by updating firmware, restricting unnecessary access, and deploying network security measures to prevent potential exploitation of these critical vulnerabilities. The vulnerabilities serve as a reminder of the ongoing need for vigilance and proactive security measures in industrial and networked environments.
