CVE-2024-9404

Summary

This vulnerability could lead to denial-of-service or service crashes. Exploitation of the moxa_cmd service, because of insufficient input validation, allows attackers to disrupt operations. If exposed to public networks, the vulnerability poses a significant remote threat, potentially allowing attackers to shut down affected systems.

Affected Software

VendorProductVersion RangeStatus
MoxaVPort 07-3 Series1.0affected
MoxaEDS-608 Series1.0 <= 3.12affected
MoxaEDS-611 Series1.0 <= 3.12affected
MoxaEDS-616 Series1.0 <= 3.12affected
MoxaEDS-619 Series1.0 <= 3.12affected
MoxaEDS-405A Series1.0 <= 3.14affected
MoxaEDS-408A Series1.0 <= 3.12affected
MoxaEDS-505A Series1.0 <= 3.11affected
MoxaEDS-508A Series1.0 <= 3.11affected
MoxaEDS-510A Series1.0 <= 3.12affected
MoxaEDS-516A Series1.0 <= 3.11affected
MoxaEDS-518A Series1.0 <= 3.11affected
MoxaEDS-G509 Series1.0 <= 3.10affected
MoxaEDS-P510 Series1.0 <= 3.11affected
MoxaEDS-P510A Series1.0 <= 3.11affected
MoxaEDS-510E Series1.0 <= 5.5affected
MoxaEDS-518E Series1.0 <= 6.3affected
MoxaEDS-528E Series1.0 <= 6.3affected
MoxaEDS-G508E Series1.0 <= 6.4affected
MoxaEDS-G512E Series1.0 <= 6.4affected
MoxaEDS-G516E Series1.0 <= 6.4affected
MoxaEDS-P506E Series1.0 <= 5.8affected
MoxaICS-G7526A Series1.0 <= 5.10affected
MoxaICS-G7528A Series1.0 <= 5.10affected
MoxaICS-G7748A Series1.0 <= 5.9affected
MoxaICS-G7750A Series1.0 <= 5.9affected
MoxaICS-G7752A Series1.0 <= 5.9affected
MoxaICS-G7826A Series1.0 <= 5.10affected
MoxaICS-G7828A Series1.0 <= 5.10affected
MoxaICS-G7848A Series1.0 <= 5.9affected
MoxaICS-G7850A Series1.0 <= 5.9affected
MoxaICS-G7852A Series1.0 <= 5.9affected
MoxaIKS-G6524A Series1.0 <= 5.10affected
MoxaIKS-6726A Series1.0 <= 5.9affected
MoxaIKS-6728A Series1.0 <= 5.9affected
MoxaIKS-G6824A Series1.0 <= 5.10affected
MoxaSDS-3006 Series1.0 <= 3.0affected
MoxaSDS-3008 Series1.0 <= 3.0affected
MoxaSDS-3010 Series1.0 <= 3.0affected
MoxaSDS-3016 Series1.0 <= 3.0affected
MoxaSDS-G3006 Series1.0 <= 3.0affected
MoxaSDS-G3008 Series1.0 <= 3.0affected
MoxaSDS-G3010 Series1.0 <= 3.0affected
MoxaSDS-G3016 Series1.0 <= 3.0affected
MoxaPT-7728 Series1.0 <= 3.9affected
MoxaPT-7828 Series1.0 <= 4.0affected
MoxaPT-G503 Series1.0 <= 5.3affected
MoxaPT-G510 Series1.0 <= 6.5affected

Weaknesses

  • CWE-1287: CWE-1287: Improper Validation of Specified Type of Input

Workarounds

To mitigate the risks associated with this vulnerability, we recommend the following actions:

  • Disable Moxa Service and Moxa Service (Encrypted) temporarily if they are not required for operations. This will minimize potential attack vectors until a patch or updated firmware is applied.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References