OTPulse

Moxa CVE-2024-9404: Denial-of-Service Vulnerability Identified in Multiple PT Switches

Plan Patch | 8.7 | MPSA-240933 | Feb 19, 2025
Summary

CVE-2024-9404 is a denial-of-service vulnerability in Moxa PT switches caused by insufficient input validation in the moxa_cmd service. An unauthenticated remote attacker can send malformed input to trigger a cold start or crash the switch, disrupting network and process control operations. The vulnerability affects all versions of Moxa PT switches and currently has no vendor patch available.

What this means
What could happen
An attacker can remotely crash or force a cold restart of Moxa PT switches by sending specially crafted input to the moxa_cmd service, interrupting network connectivity and process control for connected devices.
Who's at risk
Network operators and facilities managers running Moxa PT switches (all versions) in environments where the switches are reachable from external or untrusted networks. This includes water utilities, electrical substations, manufacturing plants, and any industrial site using Moxa switches for network infrastructure or SCADA communications.
How it could be exploited
An attacker sends malformed input to the moxa_cmd service (typically port 2717) on an exposed Moxa PT switch. The insufficient input validation allows the attacker to trigger an unhandled exception or resource exhaustion, causing the switch to cold start or deny service. No authentication is required.
Prerequisites
  • Network access to the moxa_cmd service port (typically 2717/tcp)
  • Moxa PT switch reachable from attacker's network (no firewall/access control blocking port 2717)
  • Ability to send raw network packets or use basic network tools to send specially crafted input

remotely exploitable · no authentication required · low complexity attack · no patch available · high CVSS score (8.7) · affects network infrastructure/connectivity
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
Multiple PT Switches | All versions | No fix yet
Remediation & Mitigation
Do now
HARDENING: Isolate Moxa PT switches from untrusted networks using firewall rules or network segmentation; block inbound access to port 2717 (moxa_cmd service) from outside your management network
WORKAROUND: Disable or restrict the moxa_cmd service if not actively used for device deployment; document any deployment procedures that depend on it
HARDENING: Monitor network traffic to Moxa PT switches for unauthorized access attempts to port 2717; alert on connection attempts from unexpected sources
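
An added example of the monitoring step above (not part of the advisory or any Moxa tooling): it scans firewall/flow records for connection attempts to port 2717 on the switch subnet from sources outside the management network. The log format, subnets and sample records are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumptions for this example (not from the advisory): adjust to your site.
MOXA_CMD_PORT = 2717                                   # port named in the advisory
MGMT_NETS = [ipaddress.ip_network("10.10.50.0/24")]    # hosts allowed to reach moxa_cmd
SWITCH_NETS = [ipaddress.ip_network("10.20.0.0/24")]   # where the PT switches live

# Constructed sample records: "time src_ip dst_ip dst_port proto action"
SAMPLE_LOG = """\
2025-02-19T08:00:01Z 10.10.50.7 10.20.0.11 2717 tcp ALLOW
2025-02-19T08:00:05Z 10.30.4.22 10.20.0.11 2717 tcp ALLOW
2025-02-19T08:00:06Z 10.30.4.22 10.20.0.12 2717 tcp DENY
2025-02-19T08:00:09Z 203.0.113.9 10.20.0.11 2717 tcp DENY
2025-02-19T08:00:12Z 10.30.4.22 10.20.0.11 443 tcp ALLOW
not a flow record
"""

def _in_any(addr, nets):
    return any(addr in net for net in nets)

def find_unexpected(log_text):
    """Return alerts for moxa_cmd connection attempts from non-management sources."""
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue                      # skip malformed lines instead of crashing
        ts, src, dst, dport, _proto, action = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            dport = int(dport)
        except ValueError:
            continue
        if dport != MOXA_CMD_PORT or not _in_any(dst_ip, SWITCH_NETS):
            continue
        if _in_any(src_ip, MGMT_NETS):
            continue                      # expected management traffic
        # ALLOW means the packet reached the switch: a segmentation gap, not just noise.
        severity = "high" if action.upper() == "ALLOW" else "medium"
        alerts.append({"time": ts, "src": src, "dst": dst, "severity": severity})
    return alerts

def summarize(alerts):
    """Count alerts per source so repeated attempts stand out."""
    return Counter(a["src"] for a in alerts)

if __name__ == "__main__":
    for a in find_unexpected(SAMPLE_LOG):
        print(f"[{a['severity']}] {a['time']} {a['src']} -> {a['dst']}:{MOXA_CMD_PORT}")
```

A "high" alert here means a non-management source was allowed through to port 2717, which points at a gap in the firewall rules from the first step.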
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Work with Moxa to obtain a firmware patch when available; evaluate upgrade timing based on maintenance windows and operational impact