Moxa Alerts Users to Severe Vulnerabilities in Industrial Routers

Moxa Technologies, a Taiwanese provider specializing in industrial computing solutions, has issued a warning regarding two significant vulnerabilities in its routers and network devices. These issues pose serious security threats to operational technology (OT) environments. The vulnerabilities, identified as CVE-2024-9138 and CVE-2024-9140, have been classified as high- and critical-severity risks, respectively, heightening concerns for organizations relying on Moxa’s products for critical infrastructure.

The affected products include several models within Moxa’s portfolio, such as the EDR-810, EDR-8010, NAT-102, and OnCell G4302-LTE4. Users typically implement Moxa’s routers for purposes including remote monitoring, real-time data aggregation for Internet of Things (IoT) applications, and the secure isolation of industrial control systems and programmable logic controllers. As a result, industries such as manufacturing, power generation, and transportation, which depend on reliable data transmission for fleet management and operational efficiency, are particularly vulnerable to these threats.

The vulnerabilities stem from hard-coded credentials and OS command injection flaws. In particular, CVE-2024-9138 enables authenticated attackers to escalate their privileges to root-level access, while CVE-2024-9140 allows for the unauthorized execution of commands that could lead to control over affected systems. This situation has gained urgency given a recent incident involving Four-Faith industrial routers, where a similar command injection vulnerability was exploited by attackers.

According to Moxa’s advisory, CVE-2024-9138 has a Common Vulnerability Scoring System (CVSS) score of 7.2, signifying a high level of severity. In contrast, CVE-2024-9140 has a more alarming CVSS score of 9.8, categorized as critical. Exploitation of these vulnerabilities could enable attackers to disrupt services, manipulate critical operational data, or completely take over affected devices.

In efforts to mitigate the risks, Moxa has recommended several interim security measures. Users are urged to limit network exposure, restrict Secure Shell (SSH) access to trusted IP addresses, and employ intrusion detection and prevention systems. These strategies aim to protect vulnerable systems during the transitional period while fixes are considered.

Importantly, Moxa has clarified that certain product lines—including the MRC-1002 Series, TN-5900 Series, and OnCell 3120-LTE-1 Series—are not affected by these vulnerabilities. As OT environments continue to be attractive targets for cyber attackers, business owners must remain vigilant and proactive in safeguarding their networks.

This incident underscores the need for ongoing awareness of potential cybersecurity threats and reinforces the importance of adhering to best practices in network security. It also highlights the applicability of tactics and techniques identified in the MITRE ATT&CK framework, including initial access, privilege escalation, and persistence, which are critical for understanding how such vulnerabilities could potentially be exploited in targeted attacks.
