OTPulse

Moxa CVE-2024-9404: Denial-of-Service Vulnerability Identified in Multiple PT Switches

Plan PatchCVSS 8.7MPSA-240933Feb 19, 2025
Moxa
Summary

CVE-2024-9404 is a denial-of-service vulnerability in Moxa PT switches affecting all versions. The moxa_cmd service, used for deployment and management, contains insufficient input validation (CWE-1287) that allows unauthenticated remote attackers to trigger a cold start or service crash. Exploitation could disrupt network operations if the switch is exposed to untrusted networks. Unauthenticated remote exploitation is possible, and the CVSS 3.1 score is 7.5 with CVSS 4.0 score of 8.7.

What this means
What could happen
An attacker could remotely trigger a denial-of-service condition or crash on Moxa PT switches by sending malformed input to the moxa_cmd service, temporarily disabling network connectivity and device management until the switch restarts.
Who's at risk
Water and electric utilities using Moxa PT switches for industrial network management, especially those with switches exposed to public networks or accessible from untrusted segments of the network. All versions of Moxa PT switches are affected.
How it could be exploited
An attacker with network access to the affected PT switch can send specially crafted input to the moxa_cmd service (port typically used for management traffic). The service lacks input validation, allowing the attacker to trigger a cold start or system crash without authentication.
Prerequisites
  • Network access to the moxa_cmd service port on the PT switch
  • No authentication required
  • PT switch exposed to or reachable from an untrusted network
remotely exploitableno authentication requiredlow complexityno patch availableaffects network infrastructure availability
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
ProductAffected VersionsFix Status
Multiple PT SwitchesAll versionsNo fix yet
Remediation & Mitigation
0/4
Do now
0/2
WORKAROUNDRestrict network access to the moxa_cmd service port to only authorized management workstations and engineering staff. Use firewall rules or switch access control lists to block inbound connections from untrusted networks.
HARDENINGDisable the moxa_cmd service on PT switches if not actively required for deployment or management operations.
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HARDENINGMonitor moxa_cmd service traffic for unusual patterns or repeated connection attempts that could indicate exploitation attempts.
Long-term hardening
0/1
HARDENINGSegregate PT switches onto a dedicated management VLAN with restricted access from the general plant network and any internet-facing segments.
View full Moxa Security advisory
API: /api/v1/advisories/0ad426bb-2ee2-409e-b6c6-54c2ce320d11

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.

Moxa CVE-2024-9404: Denial-of-Service Vulnerability Identified in Multiple PT Switches | CVSS 8.7 - OTPulse