Moxa MXsecurity Series Multiple Vulnerabilities
Monitor | CVSS 5.3 | MPSA-231878 | Oct 18, 2024
Moxa
Summary
MXsecurity Series version 1.1.0 and prior contain two vulnerabilities: (1) CVE-2024-4739 - Lack of access restrictions allows attackers to pose as authorized users and access protected resources after acquiring a valid authenticator; (2) CVE-2024-4740 - Hard-coded credentials embedded in the software allow attackers to tamper with sensitive data. Both vulnerabilities are remotely exploitable without authentication and affect the confidentiality and integrity of security-critical functions.
What this means
What could happen
An attacker could gain unauthorized access to MXsecurity software and read or modify sensitive data by exploiting exposed access controls and hard-coded credentials, potentially compromising your network security monitoring and response capabilities.
Who's at risk
This affects organizations using Moxa MXsecurity Series for network security monitoring and management. Any facility relying on MXsecurity for threat detection, incident response coordination, or security data collection should treat this as a priority, including utilities, water authorities, manufacturing plants, and critical infrastructure operators.
How it could be exploited
An attacker can remotely exploit weak access restrictions to acquire valid authenticators without proper authorization, then use those credentials or hard-coded passwords to impersonate authorized users and access protected resources or sensitive data within the MXsecurity application.
Prerequisites
- Network access to MXsecurity application
- Ability to discover or obtain valid authenticators
- No special privileges or user interaction required
remotely exploitable, no authentication required, low complexity, hard-coded credentials, no patch available
Exploitability
Unlikely to be exploited — EPSS score 0.5%
Affected products (1)
Product | Affected Versions | Fix Status
MXsecurity Series Multiple Vulnerabilities | All versions | No fix (EOL)
Remediation & Mitigation
Do now
- HARDENING: Isolate MXsecurity systems on a restricted management network segment with firewall rules limiting access to authorized administrative workstations only
- HARDENING: Disable or restrict remote access to MXsecurity administrative interfaces; enforce access through a jump server or VPN with multi-factor authentication
- WORKAROUND: Change all default and hard-coded credentials in MXsecurity immediately; document and securely store new credentials in your password management system
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption
- HARDENING: Enable audit logging on MXsecurity to track all authentication attempts and data access; review logs regularly for suspicious activity
- HOTFIX: Monitor vendor communications for firmware updates or patches; when available, schedule and apply updates during planned maintenance windows
CVEs (2)
API:
/api/v1/advisories/9849cc72-924a-42fb-bbd2-dcf2f1c8fd0f