Moxa, a leading provider of industrial networking devices, has issued a security advisory warning users of critical vulnerabilities that could potentially expose critical infrastructure to cyberattacks. The affected models, including EDR and TN series routers commonly used in industrial automation, energy, and telecommunications, are at risk of privilege escalation and OS command injection.
The identified vulnerabilities, labeled as CVE-2024-9138 and CVE-2024-9140, pose significant threats to operational systems. CVE-2024-9138 involves hard-coded credentials that could allow an authenticated user to escalate privileges and gain root-level access, while CVE-2024-9140 allows attackers to bypass input restrictions using special characters, potentially leading to unauthorized command execution.
In response to these vulnerabilities, Moxa has urged immediate action to prevent exploitation and mitigate the risks. The company has released firmware updates for several affected models and advised users to upgrade to the latest firmware version to address the vulnerabilities effectively.
For the EDR-810 Series, EDR-8010 Series, EDR-G902 Series, EDR-G903 Series, EDR-G9004 Series, EDR-G9010 Series, and EDF-G1002-BP Series, users are advised to upgrade to firmware version 3.14 or later. However, for the OnCell G4302-LTE4 Series and the TN-4900 Series, users are instructed to contact Moxa’s Technical Support for security patches.
Unfortunately, there is no official patch available for the NAT-102 Series at the moment. In such cases, Moxa recommends implementing mitigations measures, such as minimizing network exposure, restricting SSH access to trusted IP addresses, and deploying IDS or IPS systems to detect and prevent exploitation attempts.
The potential impact of these vulnerabilities, including system compromise, unauthorized modifications, data exposure, and service disruption, underscores the importance of immediate action by industrial operators. Unpatched devices could serve as entry points for advanced persistent threats (APTs), posing a severe risk to essential services.
Industrial operators are strongly encouraged to review their systems, apply updates, and adopt additional protective measures to enhance cybersecurity defenses. Isolating vulnerable devices, deploying firewalls, and implementing network monitoring tools can help safeguard industrial networks against potential cyberattacks.
In conclusion, the discovery of critical vulnerabilities in Moxa’s industrial networking devices serves as a reminder of the constant threat posed by cyberattacks to critical infrastructure. By taking immediate action to address these vulnerabilities and strengthen cybersecurity defenses, industrial operators can mitigate the risks and protect their systems from potential exploitation.