OTPulse

Moxa: Multiple Moxa Product Series Affected by Linux Kernel Memory Double Free Vulnerability

Act Now · 7.8 · MPSA-249807 · Jul 10, 2024
Summary

Multiple Moxa product series are affected by CVE-2024-1086, a use-after-free vulnerability in the Linux kernel netfilter nf_tables component. An attacker with local access to the device could exploit this vulnerability to escalate privileges to root or cause a system crash. The CVSS score is 7.8 (high severity), and the vulnerability is actively being exploited in the wild. Currently, no patch is available from Moxa for affected products.

What this means
What could happen
An attacker with local access to a Moxa device could exploit a Linux kernel memory vulnerability to escalate privileges or crash the system, disrupting operations of connected equipment like remote I/O modules and industrial switches.
Who's at risk
This affects all versions of Moxa uct (Universal Controller Terminal) and other Moxa product series that use the vulnerable Linux kernel. Any organization operating Moxa remote I/O modules, industrial switches, or gateways in water utilities, electric utilities, or process control environments should assess their inventory.
How it could be exploited
An attacker with local shell access (or via a compromised application running on the device) could trigger a use-after-free condition in the netfilter nf_tables kernel component. This could either crash the device or allow privilege escalation to root, enabling full control of the system.
Prerequisites
  • Local command execution on the Moxa device (shell access or vulnerability in a running service)
  • Low complexity kernel exploit
  • No authentication required once local access is obtained
  • Actively exploited (KEV)
  • High EPSS score (85.2%)
  • No patch available
  • Low complexity exploitation
  • Local privilege escalation leads to full device compromise
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (1)
Product | Affected Versions | Fix Status
uct | All versions | No fix yet
Remediation & Mitigation
Do now
  • HOTFIX: Contact Moxa support for security patches or firmware updates. Since no fix is currently available, prioritize monitoring the Moxa advisory page (MPSA-249807) for updates.
  • WORKAROUND: Restrict local shell access to the Moxa device to authorized personnel only; disable remote management protocols (SSH, telnet) if not required for operations.
Long-term hardening
  • HARDENING: Segment Moxa devices onto a dedicated OT network with restricted access from general IT networks and workstations.
  • HARDENING: Deploy a host-based intrusion detection system or monitoring on the Moxa device to detect exploitation attempts and unusual process behavior.
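
A read-only way to audit the workaround above on a Linux-based device: which accounts can get a local shell, whether SSH or telnet is listening, and whether the nf_tables module named in the summary is loaded. This is an added example, not code from Moxa or this advisory; it assumes a POSIX shell with awk, sed and iproute2 `ss` on the device, and the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the local-access workaround on a Linux-based device.

# Accounts in a passwd-format file whose shell allows an interactive login.
# An empty shell field defaults to /bin/sh, so it is reported too.
login_accounts() {
    awk -F: '$7 !~ /\/(nologin|false)$/ { print $1 }' "$1"
}

# SSH (22) and telnet (23) listeners in `ss -ltn` output read from stdin.
mgmt_listeners() {
    awk '$1 == "LISTEN" { n = split($4, a, ":")
         if (a[n] == "22") print "ssh " $4
         if (a[n] == "23") print "telnet " $4 }'
}

# True if nf_tables appears in a /proc/modules-format file.
# A kernel with nf_tables built in will not list it there.
nf_tables_loaded() {
    awk '$1 == "nf_tables" { hit = 1 } END { exit !hit }' "$1"
}

# audit PASSWD MODULES < ss-output : one line per item to review.
audit() {
    login_accounts "$1" | sed 's/^/REVIEW login shell: /'
    mgmt_listeners | sed 's/^/REVIEW listener: /'
    if nf_tables_loaded "$2"; then echo "NOTE nf_tables module loaded"; fi
}

# Constructed sample data (not taken from a real device).
SAMPLE=$(mktemp -d) && trap 'rm -rf "$SAMPLE"' EXIT
cat > "$SAMPLE/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
operator:x:1000:1000::/home/operator:/bin/bash
svc_modbus:x:1001:1001::/nonexistent:/bin/false
EOF
cat > "$SAMPLE/modules" <<'EOF'
nf_tables 303104 0 - Live 0x0000000000000000
nfnetlink 20480 1 nf_tables, Live 0x0000000000000000
EOF
cat > "$SAMPLE/ss" <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      5               [::]:23           [::]:*
LISTEN 0      128        127.0.0.1:502       0.0.0.0:*
EOF
audit "$SAMPLE/passwd" "$SAMPLE/modules" < "$SAMPLE/ss"
# On a live device: ss -ltn | audit /etc/passwd /proc/modules
```

Each REVIEW line is an account or listener to justify or remove; a loaded nf_tables module is only a note, since the vulnerable component may also be built into the kernel.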