Moxa CVE-2024-9137: Missing Authentication Vulnerability in Ethernet Switches

Plan Patch9.4MPSA-241156Jan 17, 2025

Summary

CVE-2024-9137 is a missing authentication vulnerability in Moxa Ethernet switches that allows attackers to execute commands on the device via the Moxa service without providing credentials. An attacker can download or upload configuration files, manipulate device settings, and potentially compromise the entire network infrastructure. The vulnerability affects all versions of the affected Moxa switch models, and no firmware fix is currently available from the vendor.

What this means

What could happen

An attacker can send unauthorized commands to Moxa Ethernet switches over the network without credentials, allowing them to download or upload configuration files and potentially disable or reconfigure your network infrastructure.

Who's at risk

Water authorities and municipal utilities using Moxa industrial Ethernet switches for network infrastructure, particularly in critical control networks or SCADA systems. Any organization relying on these switches for PLC-to-network connectivity is affected, regardless of version.

How it could be exploited

An attacker with network access to the Moxa switch sends commands directly to the Moxa service port without authentication. The switch lacks authentication checks on critical functions, allowing the attacker to execute arbitrary commands to manipulate configurations, extract backups, or inject malicious settings.

Prerequisites

Network access to the Moxa Ethernet switch (typically Modbus/OPC ports or management interface)
No credentials required

Remotely exploitableNo authentication requiredLow complexityNo patch availableCritical CVSS score (9.4)Affects network infrastructure essential to operations

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (1)

ProductAffected VersionsFix Status

Ethernet SwitchesAll versionsNo fix yet

Remediation & Mitigation

0/4

Do now

0/2

WORKAROUNDRestrict network access to affected Moxa switches using firewall rules; allow only trusted management workstations to communicate with the devices on their management ports

WORKAROUNDDisable or restrict the Moxa service if it is not actively required for operations

Long-term hardening

0/2

HARDENINGImplement network segmentation to isolate Moxa switches from untrusted networks and limit lateral movement from compromised devices

HARDENINGMonitor for unusual configuration changes or unauthorized command submissions to the Moxa switches

CVEs (1)

CVE-2024-9137

View full Moxa Security advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/92992472-e68c-4878-8bfa-2be2febe2e35