Moxa CVE-2024-9404: Denial-of-Service Vulnerability Identified in Multiple EDS, ICS, IKS, and SDS Switches
Plan Patch | CVSS 8.7 | MPSA-240931 | Feb 7, 2025
Moxa
Summary
Moxa EDS, ICS, IKS, and SDS switches contain a vulnerability in the moxa_cmd service that lacks proper input validation. An attacker can send crafted input to this service to trigger a denial-of-service condition, causing the switch to crash or cold start and taking it offline. If the affected switches are exposed to untrusted networks, attackers could disrupt operations by shutting down critical network infrastructure.
What this means
What could happen
An attacker can crash or force a cold restart of affected Moxa switches by sending malformed commands to the moxa_cmd service, causing loss of network connectivity and interruption to water/power distribution operations that depend on these switches for communication.
Who's at risk
Water and electric utilities using Moxa EDS, ICS, IKS, or SDS industrial switches for network connectivity should be concerned. These switches are commonly used to connect PLCs, RTUs, and SCADA systems in substations, treatment plants, and pump stations. A denial-of-service attack could interrupt communication between control systems and field devices.
How it could be exploited
An attacker sends a specially crafted input to the moxa_cmd service on the affected switch. Because the service does not properly validate the input, it crashes or triggers a cold start, taking the switch offline and disrupting network connectivity to downstream devices.
Prerequisites
- Network access to the moxa_cmd service port (typically accessible on the switch management interface)
- No authentication required
remotely exploitable | no authentication required | low complexity | affects network availability | all product versions vulnerable
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
Product | Affected Versions | Fix Status
SDS Switches | All versions | No fix (EOL)
Remediation & Mitigation
Do now
- WORKAROUND: Restrict network access to the moxa_cmd service port on affected Moxa switches to authorized management networks only, using firewall rules or switch ACLs
- WORKAROUND: Disable or isolate the moxa_cmd service if it is not required for ongoing operations
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Monitor Moxa for security updates and apply patches to EDS, ICS, and IKS switches when available
Mitigations - no patch available
SDS Switches have reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Implement network segmentation to prevent untrusted networks from reaching switch management interfaces
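One way to verify the access restriction and segmentation controls above, as an added example that is not part of the advisory: a Python audit of exported flow records that flags unauthorized sources reaching the service on affected switches. The port number, addresses, and flow-log format are constructed placeholders; the advisory does not specify them.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# All values below are constructed placeholders; the advisory gives no port or addresses.
MOXA_CMD_PORT = 40000  # placeholder: set to the port moxa_cmd listens on in your environment
MGMT_NETS = [ip_network("10.10.0.0/24")]  # authorized management networks
SWITCHES = {ip_address("10.20.1.5"), ip_address("10.20.1.6")}  # affected switches

# Constructed flow export: timestamp, source, destination, destination port, action
SAMPLE_FLOWS = """\
ts,src,dst,dport,action
2025-02-07T10:00:01Z,10.10.0.15,10.20.1.5,40000,allow
2025-02-07T10:00:07Z,192.168.50.9,10.20.1.5,40000,allow
2025-02-07T10:01:12Z,192.168.50.9,10.20.1.6,40000,deny
2025-02-07T10:02:30Z,172.16.3.4,10.20.1.6,443,allow
2025-02-07T10:03:02Z,172.16.3.4,10.20.1.6,40000,allow
2025-02-07T10:03:40Z,not-an-ip,10.20.1.6,40000,allow
"""

def audit_flows(text, port=MOXA_CMD_PORT, mgmt_nets=MGMT_NETS, switches=SWITCHES):
    """Return (violations, blocked, malformed) for flows aimed at the service port."""
    violations, blocked, malformed = [], [], []
    for row in csv.DictReader(io.StringIO(text)):
        try:
            src, dst = ip_address(row["src"]), ip_address(row["dst"])
            dport = int(row["dport"])
        except (ValueError, KeyError, TypeError):
            malformed.append(row)  # keep unparsable records visible for follow-up
            continue
        if dst not in switches or dport != port:
            continue  # not traffic to the service on an affected switch
        if any(src in net for net in mgmt_nets):
            continue  # authorized management source
        # Unauthorized source: "allow" means the ACL has a gap, anything else was stopped
        entry = (row["ts"], str(src), str(dst))
        (violations if row["action"] == "allow" else blocked).append(entry)
    return violations, blocked, malformed

if __name__ == "__main__":
    gaps, stopped, bad = audit_flows(SAMPLE_FLOWS)
    for ts, src, dst in gaps:
        print(f"ACL GAP  {ts} {src} -> {dst}:{MOXA_CMD_PORT}")
    print(f"{len(stopped)} blocked attempt(s), {len(bad)} malformed record(s)")
```

Any entry in the violations list is a path the ACL or segmentation still leaves open to the switch and should be closed before relying on the workaround.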
CVEs (1)