CVE-2024-9404
6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Summary
This vulnerability could lead to denial-of-service or service crashes. Exploitation of the moxa_cmd service, because of insufficient input validation, allows attackers to disrupt operations. If exposed to public networks, the vulnerability poses a significant remote threat, potentially allowing attackers to shut down affected systems.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Moxa | VPort 07-3 Series | 1.0 | affected |
| Moxa | EDS-608 Series | 1.0 <= 3.12 | affected |
| Moxa | EDS-611 Series | 1.0 <= 3.12 | affected |
| Moxa | EDS-616 Series | 1.0 <= 3.12 | affected |
| Moxa | EDS-619 Series | 1.0 <= 3.12 | affected |
| Moxa | EDS-405A Series | 1.0 <= 3.14 | affected |
| Moxa | EDS-408A Series | 1.0 <= 3.12 | affected |
| Moxa | EDS-505A Series | 1.0 <= 3.11 | affected |
| Moxa | EDS-508A Series | 1.0 <= 3.11 | affected |
| Moxa | EDS-510A Series | 1.0 <= 3.12 | affected |
| Moxa | EDS-516A Series | 1.0 <= 3.11 | affected |
| Moxa | EDS-518A Series | 1.0 <= 3.11 | affected |
| Moxa | EDS-G509 Series | 1.0 <= 3.10 | affected |
| Moxa | EDS-P510 Series | 1.0 <= 3.11 | affected |
| Moxa | EDS-P510A Series | 1.0 <= 3.11 | affected |
| Moxa | EDS-510E Series | 1.0 <= 5.5 | affected |
| Moxa | EDS-518E Series | 1.0 <= 6.3 | affected |
| Moxa | EDS-528E Series | 1.0 <= 6.3 | affected |
| Moxa | EDS-G508E Series | 1.0 <= 6.4 | affected |
| Moxa | EDS-G512E Series | 1.0 <= 6.4 | affected |
| Moxa | EDS-G516E Series | 1.0 <= 6.4 | affected |
| Moxa | EDS-P506E Series | 1.0 <= 5.8 | affected |
| Moxa | ICS-G7526A Series | 1.0 <= 5.10 | affected |
| Moxa | ICS-G7528A Series | 1.0 <= 5.10 | affected |
| Moxa | ICS-G7748A Series | 1.0 <= 5.9 | affected |
| Moxa | ICS-G7750A Series | 1.0 <= 5.9 | affected |
| Moxa | ICS-G7752A Series | 1.0 <= 5.9 | affected |
| Moxa | ICS-G7826A Series | 1.0 <= 5.10 | affected |
| Moxa | ICS-G7828A Series | 1.0 <= 5.10 | affected |
| Moxa | ICS-G7848A Series | 1.0 <= 5.9 | affected |
| Moxa | ICS-G7850A Series | 1.0 <= 5.9 | affected |
| Moxa | ICS-G7852A Series | 1.0 <= 5.9 | affected |
| Moxa | IKS-G6524A Series | 1.0 <= 5.10 | affected |
| Moxa | IKS-6726A Series | 1.0 <= 5.9 | affected |
| Moxa | IKS-6728A Series | 1.0 <= 5.9 | affected |
| Moxa | IKS-G6824A Series | 1.0 <= 5.10 | affected |
| Moxa | SDS-3006 Series | 1.0 <= 3.0 | affected |
| Moxa | SDS-3008 Series | 1.0 <= 3.0 | affected |
| Moxa | SDS-3010 Series | 1.0 <= 3.0 | affected |
| Moxa | SDS-3016 Series | 1.0 <= 3.0 | affected |
| Moxa | SDS-G3006 Series | 1.0 <= 3.0 | affected |
| Moxa | SDS-G3008 Series | 1.0 <= 3.0 | affected |
| Moxa | SDS-G3010 Series | 1.0 <= 3.0 | affected |
| Moxa | SDS-G3016 Series | 1.0 <= 3.0 | affected |
| Moxa | PT-7728 Series | 1.0 <= 3.9 | affected |
| Moxa | PT-7828 Series | 1.0 <= 4.0 | affected |
| Moxa | PT-G503 Series | 1.0 <= 5.3 | affected |
| Moxa | PT-G510 Series | 1.0 <= 6.5 | affected |
Weaknesses
- CWE-1287: CWE-1287: Improper Validation of Specified Type of Input
Workarounds
To mitigate the risks associated with this vulnerability, we recommend the following actions:
- Disable Moxa Service and Moxa Service (Encrypted) temporarily if they are not required for operations. This will minimize potential attack vectors until a patch or updated firmware is applied.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240930-cve-2024-9404-denial-of-service-vulnerability-identified-in-the-vport-07-3-series
- https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240931-cve-2024-9404-denial-of-service-vulnerability-identified-in-multiple-eds,-ics,-iks,-and-sds-switches
- https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240933-cve-2024-9404-denial-of-service-vulnerability-identified-in-multiple-pt-switches
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.