Moxa CVE-2024-9137: Missing Authentication Vulnerability in Ethernet Switches

Plan PatchCVSS 9.4MPSA-241156Jan 17, 2025

Moxa

Summary

Moxa Ethernet switches contain a missing authentication vulnerability (CVE-2024-9137, CVSS 9.4) that allows attackers to send arbitrary commands to the device and manipulate configurations without entering credentials. The flaw exists in the Moxa service that handles configuration management. Attackers can execute specified commands, leading to unauthorized downloads or uploads of configuration files and potential system compromise. All versions of affected Moxa Ethernet Switch models are impacted, and no vendor patch is currently available.

What this means

What could happen

An attacker can remotely access and modify configurations on your Moxa Ethernet switches without entering credentials, potentially allowing them to redirect network traffic, download sensitive configuration data, or disable connectivity to critical equipment.

Who's at risk

Organizations operating Moxa Ethernet switches in any industrial or mission-critical network should be concerned. This affects any switch model from Moxa used in water utilities, electric power systems, manufacturing, oil and gas, and other critical infrastructure where switch configurations control network traffic routing and redundancy.

How it could be exploited

An attacker on the network (or internet if the switch is exposed) sends commands to the Moxa service running on the switch. Because the switch does not verify credentials before accepting commands, the attacker can manipulate device settings, upload malicious configurations, or extract configuration files containing sensitive information.

Prerequisites

Network reachability to the Moxa service port on the affected switch
No valid credentials required

remotely exploitableno authentication requiredlow complexityno patch availablehigh CVSS score (9.4)

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (1)

ProductAffected VersionsFix Status

Ethernet SwitchesAll versionsNo fix yet

Remediation & Mitigation

0/4

Do now

0/1

HARDENINGRestrict network access to Moxa Ethernet switches using a firewall—allow only connections from authorized management workstations and block all other inbound connections to the switch management ports

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HARDENINGMonitor the Moxa service port for unauthorized connection attempts and configure alerts if suspicious traffic is detected

HOTFIXCheck with Moxa support for any firmware updates or hotfixes that may be available to add authentication checks

Long-term hardening

0/1

HARDENINGSegregate Moxa switches onto a dedicated management VLAN with restricted access from the production network

CVEs (1)

CVE-2024-9137

View full Moxa Security advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/92992472-e68c-4878-8bfa-2be2febe2e35

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.