OTPulse

Moxa CVE-2024-9404: Denial-of-Service Vulnerability Identified in Multiple EDS, ICS, IKS, and SDS Switches

Plan Patch | CVSS 8.7 | MPSA-240931 | Feb 7, 2025
Summary

CVE-2024-9404 is a denial-of-service vulnerability in Moxa EDS, ICS, IKS, and SDS managed switches. The moxa_cmd service, used for device deployment and management, fails to properly validate input. An attacker can send malformed packets to this service to trigger a cold start or crash, causing the switch to reboot and interrupt network operations. The vulnerability requires only network access and no authentication. If the switch is exposed to public networks or accessible from untrusted network segments, exploitation is trivial.

What this means
What could happen
An attacker could send a specially crafted message to the moxa_cmd service on affected switches, causing them to reboot or stop responding, disrupting network connectivity for critical infrastructure systems.
Who's at risk
Network infrastructure teams operating Moxa EDS (Entry-level), ICS (Industrial), IKS (Industrial), and SDS (Secure) managed switches in water treatment, electric utility SCADA networks, and other critical infrastructure. Anyone with these switches in remote or internet-exposed locations is at highest risk.
How it could be exploited
An attacker with network access to the port used by the moxa_cmd service (typically port 4800 or similar) sends malformed input to the service, which does not validate it. The service crashes or triggers a cold start, causing the switch to reboot and interrupt network traffic for connected industrial devices.
Prerequisites
  • Network access to the Moxa switch management port (moxa_cmd service)
  • No authentication required
  • Switch must be reachable from attacker's network location
  • Remotely exploitable
  • No authentication required
  • Low complexity attack
  • High CVSS score (8.7)
  • No patch available for SDS line
  • Could interrupt critical operations
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
SDS Switches | All versions | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the moxa_cmd service using firewall rules or access control lists; allow only authorized engineering and management systems to reach the switch management ports
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Monitor network traffic to the moxa_cmd service for anomalous or malformed requests
HOTFIX: Check Moxa's advisory for firmware updates once available; apply patches to other affected product lines (EDS, ICS, IKS) when released
Mitigations - no patch available
SDS Switches have reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Segment the switch management network from operational traffic networks to limit exposure
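
One way to verify the access restriction and monitoring items above from exported firewall or flow records, as an added example that is not OTPulse or Moxa code. It checks who reaches the moxa_cmd port, not packet contents; the port value, the address ranges, and the CSV field layout are assumptions to replace with your own.

```python
import csv
import io
import ipaddress
from collections import Counter

# Assumptions (not from the advisory): set these for your own site.
MOXA_CMD_PORT = 4800  # advisory says "typically port 4800 or similar"; confirm locally
SWITCH_MGMT = ipaddress.ip_network("10.20.0.0/24")        # switch management addresses
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.9.0/28")]  # engineering workstations

# Constructed sample flow export: timestamp,src,dst,proto,dst_port,action
SAMPLE_FLOWS = """\
2025-02-07T08:00:01Z,10.20.9.5,10.20.0.11,udp,4800,allow
2025-02-07T08:00:04Z,10.30.4.77,10.20.0.11,udp,4800,allow
2025-02-07T08:00:05Z,10.30.4.77,10.20.0.12,tcp,4800,allow
2025-02-07T08:00:09Z,192.0.2.50,10.20.0.11,udp,4800,deny
2025-02-07T08:00:12Z,10.30.4.77,10.20.0.11,tcp,443,allow
2025-02-07T08:00:15Z,not-an-ip,10.20.0.11,udp,4800,allow
"""

def audit_flows(text):
    """Return (violations, blocked, malformed) for flows aimed at the moxa_cmd port."""
    violations, blocked, malformed = [], Counter(), 0
    for row in csv.reader(io.StringIO(text)):
        try:
            ts, src, dst, proto, port, action = row
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            malformed += 1  # count unparseable rows instead of crashing on them
            continue
        if port != MOXA_CMD_PORT or dst_ip not in SWITCH_MGMT:
            continue  # not traffic to the management service on a switch
        if any(src_ip in net for net in ALLOWED_SOURCES):
            continue  # authorized engineering or management system
        if action == "allow":
            violations.append((ts, str(src_ip), str(dst_ip), proto))  # gap in the ACL
        else:
            blocked[str(src_ip)] += 1  # ACL held; repeated attempts are worth reviewing
    return violations, blocked, malformed

if __name__ == "__main__":
    violations, blocked, malformed = audit_flows(SAMPLE_FLOWS)
    for v in violations:
        print("UNAUTHORIZED REACH:", *v)
    for src, n in blocked.items():
        print(f"blocked attempts from {src}: {n}")
    print("malformed rows skipped:", malformed)
```

Any row reported as an unauthorized reach means the firewall or ACL still lets a non-management host talk to the service and the rule set needs tightening.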