Search criteria
10 vulnerabilities found for PT-G510 Series by Moxa
CERTFR-2025-AVI-0147
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans les produits Moxa. Elle permet à un attaquant de provoquer un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Moxa | PT-7828 Series | PT-7828 Series sans les derniers correctifs de sécurité | ||
| Moxa | PT-G510 Series | PT-G510 Series sans les derniers correctifs de sécurité | ||
| Moxa | PT-7728 Series | PT-7728 Series sans les derniers correctifs de sécurité | ||
| Moxa | PT-G503 Series | PT-G503 Series sans les derniers correctifs de sécurité |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "PT-7828 Series sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "PT-7828 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "PT-G510 Series sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "PT-G510 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "PT-7728 Series\u00a0sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "PT-7728 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "PT-G503 Series sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "PT-G503 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-9404",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9404"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0147",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-02-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Moxa. Elle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Moxa",
"vendor_advisories": [
{
"published_at": "2025-02-19",
"title": "Bulletin de s\u00e9curit\u00e9 Moxa mpsa-240933",
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240933-cve-2024-9404-denial-of-service-vulnerability-identified-in-multiple-pt-switches"
}
]
}
CVE-2024-7695 (GCVE-0-2024-7695)
Vulnerability from cvelistv5 – Published: 2025-01-29 07:42 – Updated: 2025-02-22 14:48
VLAI?
Summary
Multiple switches are affected by an out-of-bounds write vulnerability. This vulnerability is caused by insufficient input validation, which allows data to be written to memory outside the bounds of the buffer. Successful exploitation of this vulnerability could result in a denial-of-service attack.
Severity ?
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Moxa | PT-7728 Series |
Affected:
1.0 , ≤ 3.9
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7695",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T14:21:18.811300Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T19:51:14.928Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PT-7728 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-7828 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G503 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G510 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G7728 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G7828 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-608 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-611 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-616 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-619 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-405A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.14",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-408A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-505A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-508A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-510A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-516A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-518A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G509 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-P510 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-P510A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-510E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-518E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-528E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G508E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G512E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G516E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-P506E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.8",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7526A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7528A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7748A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7750A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7752A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7826A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7828A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7848A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7850A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7852A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-G6524A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-6726A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-6728A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-G6824A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3006 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3008 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3016 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3006 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3008 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3016 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TN-G4500 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TN-G6500 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMultiple switches are affected by an out-of-bounds write vulnerability. This vulnerability is caused by insufficient input validation, which allows data to be written to memory outside the bounds of the buffer. Successful exploitation of this vulnerability could result in a denial-of-service attack. \u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Multiple switches are affected by an out-of-bounds write vulnerability. This vulnerability is caused by insufficient input validation, which allows data to be written to memory outside the bounds of the buffer. Successful exploitation of this vulnerability could result in a denial-of-service attack."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100: Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-22T14:48:56.211Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240162-cve-2024-7695-out-of-bounds-write-vulnerability-identified-in-multiple-pt-switches"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240163-cve-2024-7695-out-of-bounds-write-vulnerability-in-multiple-eds,-ics,-iks,-and-sds-switches"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240164-cve-2024-7695-out-of-bounds-write-vulnerability-identified-in-en-50155-switches"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Please refer to the security advisories:\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240162-cve-2024-7695-out-of-bounds-write-vulnerability-identified-in-multiple-pt-switches\"\u003eCVE-2024-7695: Out-of-bounds Write Vulnerability Identified in Multiple PT Switches\u003c/a\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240163-cve-2024-7695-out-of-bounds-write-vulnerability-in-multiple-eds,-ics,-iks,-and-sds-switches\"\u003eCVE-2024-7695: Out-of-bounds Write Vulnerability in Multiple EDS, ICS, IKS, and SDS Switches\u003c/a\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003eCVE-2024-7695: Out-of-bounds Write Vulnerability Identified in EN 50155 Switches\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Please refer to the security advisories:\n * CVE-2024-7695: Out-of-bounds Write Vulnerability Identified in Multiple PT Switches https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240162-cve-2024-7695-out-of-bounds-write-vulnerability-identified-in-multiple-pt-switches \n\n * CVE-2024-7695: Out-of-bounds Write Vulnerability in Multiple EDS, ICS, IKS, and SDS Switches https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240163-cve-2024-7695-out-of-bounds-write-vulnerability-in-multiple-eds,-ics,-iks,-and-sds-switches \n\n * CVE-2024-7695: Out-of-bounds Write Vulnerability Identified in EN 50155 Switches"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Out-of-bounds Write Vulnerability",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cp\u003eTo mitigate the risks associated with this vulnerability, we recommend the following actions: \u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eDisable Moxa Service and Moxa Service (Encrypted) temporarily if they are not required for operations. This will minimize potential attack vectors until a patch or updated firmware is applied.\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e"
}
],
"value": "To mitigate the risks associated with this vulnerability, we recommend the following actions: \n\n\n\n * Disable Moxa Service and Moxa Service (Encrypted) temporarily if they are not required for operations. This will minimize potential attack vectors until a patch or updated firmware is applied."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2024-7695",
"datePublished": "2025-01-29T07:42:54.913Z",
"dateReserved": "2024-08-12T03:06:13.231Z",
"dateUpdated": "2025-02-22T14:48:56.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12297 (GCVE-0-2024-12297)
Vulnerability from cvelistv5 – Published: 2025-01-15 10:00 – Updated: 2025-03-06 08:27
VLAI?
Summary
Moxa’s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes, potentially compromising the security of the device.
Severity ?
CWE
- CWE-656 - Reliance on Security Through Obscurity
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Moxa | EDS-508A Series |
Affected:
1.0 , ≤ 3.11
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Artem Turyshev from Rosatom Automated Control Systems Joint-Stock Company
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12297",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-15T14:49:11.063174Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-15T14:49:22.117Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EDS-508A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-508 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.8",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-510 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.8",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-7528 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-7728 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-7828 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G503 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G510 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G7728 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G7828 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Artem Turyshev from Rosatom Automated Control Systems Joint-Stock Company"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Moxa\u2019s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes, potentially compromising the security of the device.\u003cbr\u003e"
}
],
"value": "Moxa\u2019s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes, potentially compromising the security of the device."
}
],
"impacts": [
{
"capecId": "CAPEC-49",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-49: Password Brute Forcing"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-656",
"description": "CWE-656: Reliance on Security Through Obscurity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-06T08:27:52.297Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241407-cve-2024-12297-frontend-authorization-logic-disclosure-vulnerability-in-eds-508a-series"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241408-cve-2024-12297-frontend-authorization-logic-disclosure-vulnerability-identified-in-pt-switches"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMoxa has released appropriate solutions to address vulnerability. The solutions for the affected products are listed below.\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eEDS-508A Series: Please contact Moxa Technical Support for the security patch\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003ePT Series:\u0026nbsp;Please contact Moxa Technical Support for the security patch\u003cbr\u003e\u003cbr\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Moxa has released appropriate solutions to address vulnerability. The solutions for the affected products are listed below.\n\n * EDS-508A Series: Please contact Moxa Technical Support for the security patch\n\n\n * PT Series:\u00a0Please contact Moxa Technical Support for the security patch"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Frontend Authorization Logic Disclosure Vulnerability",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cul\u003e\u003cli\u003eMinimize network exposure to ensure the device is not accessible from the Internet.\u003c/li\u003e\u003cli\u003eLimit SSH access to trusted IP addresses and networks using firewall rules or TCP wrappers. \u003c/li\u003e\u003cli\u003eImplement IDS or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks. \u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "* Minimize network exposure to ensure the device is not accessible from the Internet.\n * Limit SSH access to trusted IP addresses and networks using firewall rules or TCP wrappers. \n * Implement IDS or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2024-12297",
"datePublished": "2025-01-15T10:00:46.524Z",
"dateReserved": "2024-12-06T04:02:40.742Z",
"dateUpdated": "2025-03-06T08:27:52.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9404 (GCVE-0-2024-9404)
Vulnerability from cvelistv5 – Published: 2024-12-04 03:54 – Updated: 2025-08-27 21:36
VLAI?
Summary
This vulnerability could lead to denial-of-service or service crashes. Exploitation of the moxa_cmd service, because of insufficient input validation, allows attackers to disrupt operations. If exposed to public networks, the vulnerability poses a significant remote threat, potentially allowing attackers to shut down affected systems.
Severity ?
CWE
- CWE-1287 - Improper Validation of Specified Type of Input
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Moxa | VPort 07-3 Series |
Affected:
1.0
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
YU-HSIANG HUANG (huang.yuhsiang.phone@gmail.com) from Moxa's cybersecurity testing team
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9404",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-04T20:10:01.447858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T21:36:46.745Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VPort 07-3 Series",
"vendor": "Moxa",
"versions": [
{
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-608 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-611 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-616 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-619 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-405A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.14",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-408A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-505A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-508A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-510A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-516A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-518A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G509 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-P510 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-P510A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-510E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-518E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-528E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G508E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G512E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G516E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-P506E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.8",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7526A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7528A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7748A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7750A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7752A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7826A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7828A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7848A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7850A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7852A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-G6524A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-6726A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-6728A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-G6824A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3006 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3008 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3016 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3006 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3008 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3016 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-7728 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-7828 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G503 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G510 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "YU-HSIANG HUANG (huang.yuhsiang.phone@gmail.com) from Moxa\u0027s cybersecurity testing team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis vulnerability could lead to denial-of-service or service crashes. Exploitation of the moxa_cmd service, because of insufficient input validation, allows attackers to disrupt operations. If exposed to public networks, the vulnerability poses a significant remote threat, potentially allowing attackers to shut down affected systems.\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "This vulnerability could lead to denial-of-service or service crashes. Exploitation of the moxa_cmd service, because of insufficient input validation, allows attackers to disrupt operations. If exposed to public networks, the vulnerability poses a significant remote threat, potentially allowing attackers to shut down affected systems."
}
],
"impacts": [
{
"capecId": "CAPEC-6",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-6: Argument Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Limited Impact: In some cases, the vulnerability may only cause the network server service (HTTPS on port 443) to restart. This does not disrupt the device\u2019s core functions, and after an automatic restart, the service resumes normal operation."
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Limited Impact: In some cases, the vulnerability may only cause the network server service (HTTPS on port 443) to restart. This does not disrupt the device\u2019s core functions, and after an automatic restart, the service resumes normal operation."
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Higher Impact: In more severe exploitation scenarios, attackers can leverage the Moxa service (moxa_cmd), originally intended for deployment purposes. Due to insufficient input validation, this can lead to a cold start or a denial-of-service (DoS) condition, resulting in a full device reboot and potential service disruptions."
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Higher Impact: In more severe exploitation scenarios, attackers can leverage the Moxa service (moxa_cmd), originally intended for deployment purposes. Due to insufficient input validation, this can lead to a cold start or a denial-of-service (DoS) condition, resulting in a full device reboot and potential service disruptions."
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "CWE-1287: Improper Validation of Specified Type of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T01:56:28.176Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240930-cve-2024-9404-denial-of-service-vulnerability-identified-in-the-vport-07-3-series"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240931-cve-2024-9404-denial-of-service-vulnerability-identified-in-multiple-eds,-ics,-iks,-and-sds-switches"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240933-cve-2024-9404-denial-of-service-vulnerability-identified-in-multiple-pt-switches"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePlease refer to the security advisories:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240930-cve-2024-9404-denial-of-service-vulnerability-identified-in-the-vport-07-3-series\"\u003eCVE-2024-9404: Denial-of-Service Vulnerability Identified in the VPort 07-3 Series\u003c/a\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240931-cve-2024-9404-denial-of-service-vulnerability-identified-in-multiple-eds,-ics,-iks,-and-sds-switches\"\u003eCVE-2024-9404: Denial-of-Service Vulnerability Identified in Multiple EDS, ICS, IKS, and SDS Switches\u003c/a\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003eCVE-2024-9404: Denial-of-Service Vulnerability Identified in Multiple PT Switches\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Please refer to the security advisories:\n\n\n * CVE-2024-9404: Denial-of-Service Vulnerability Identified in the VPort 07-3 Series https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240930-cve-2024-9404-denial-of-service-vulnerability-identified-in-the-vport-07-3-series \n\n * CVE-2024-9404: Denial-of-Service Vulnerability Identified in Multiple EDS, ICS, IKS, and SDS Switches https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240931-cve-2024-9404-denial-of-service-vulnerability-identified-in-multiple-eds,-ics,-iks,-and-sds-switches \n\n * CVE-2024-9404: Denial-of-Service Vulnerability Identified in Multiple PT Switches"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial-of-Service Vulnerability",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTo mitigate the risks\nassociated with this vulnerability, we recommend the following actions:\u003c/p\u003e\n\n\u003cul\u003e\n \u003cli\u003eDisable Moxa Service and Moxa Service\n (Encrypted) temporarily if they are not required for operations. This will\n minimize potential attack vectors until a patch or updated firmware is\n applied.\u003c/li\u003e\n\u003c/ul\u003e"
}
],
"value": "To mitigate the risks\nassociated with this vulnerability, we recommend the following actions:\n\n\n\n\n * Disable Moxa Service and Moxa Service\n (Encrypted) temporarily if they are not required for operations. This will\n minimize potential attack vectors until a patch or updated firmware is\n applied."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2024-9404",
"datePublished": "2024-12-04T03:54:32.073Z",
"dateReserved": "2024-10-01T06:37:38.790Z",
"dateUpdated": "2025-08-27T21:36:46.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9137 (GCVE-0-2024-9137)
Vulnerability from cvelistv5 – Published: 2024-10-14 08:09 – Updated: 2025-09-19 08:08
VLAI?
Summary
The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise.
Severity ?
9.4 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Moxa | EDR-8010 Series |
Affected:
1.0 , ≤ 3.12.1
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Lars Haulin
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:moxa:edr-g9010:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edr-g9010",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.12.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:nat-102:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nat-102",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "1.0.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:tn-4900:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tn-4900",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:oncell_g4302-lte4:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "oncell_g4302-lte4",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:edf-g1002-bp:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edf-g1002-bp",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.12.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:edr-g9004:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edr-g9004",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.12.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:edr-8010:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edr-8010",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.12.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9137",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-14T15:27:27.483068Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T14:32:26.853Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EDR-8010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G9004 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G9010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDF-G1002-BP Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NAT-102 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.0.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OnCell G4302-LTE4 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TN-4900 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-608 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-611 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-616 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-619 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-405A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.14",
"status": "affected",
"version": "1.0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "3.14.4",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-408A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "3.14.6",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-505A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-508A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-510A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-516A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-518A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G509 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-P510 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-P510A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-510E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-518E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-528E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G508E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G512E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G516E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-P506E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.8",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7526A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7528A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7748A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7750A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7752A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7826A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7828A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7848A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7850A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7852A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-G6524A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-6726A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-6728A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-G6824A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3006 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3008 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3016 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3006 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3008 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3016 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-7728 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-7828 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G503 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G510 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G7728 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G7828 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TN-4500A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.13",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TN-5500A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.13",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TN-G4500 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TN-G6500 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lars Haulin"
}
],
"datePublic": "2024-10-14T08:07:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise.\u003c/p\u003e"
}
],
"value": "The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise."
}
],
"impacts": [
{
"capecId": "CAPEC-216",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-216 Communication Channel Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T08:08:52.357Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241156-cve-2024-9137-missing-authentication-vulnerability-in-ethernet-switches"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Please refer to the security advisories:\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances\"\u003eMissing Authentication and OS Command Injection Vulnerabilities in Cellular Routers, Secure Routers, and Network Security Appliances\u003c/a\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241156-cve-2024-9137-missing-authentication-vulnerability-in-ethernet-switches\"\u003eCVE-2024-9137: Missing Authentication Vulnerability in Ethernet Switches\u003c/a\u003e\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Please refer to the security advisories:\n * Missing Authentication and OS Command Injection Vulnerabilities in Cellular Routers, Secure Routers, and Network Security Appliances https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances \n\n * CVE-2024-9137: Missing Authentication Vulnerability in Ethernet Switches https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241156-cve-2024-9137-missing-authentication-vulnerability-in-ethernet-switches"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Moxa Service Missing Authentication for Critical Function",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTo mitigate the risks associated with this vulnerability, we recommend the following actions:\u003c/p\u003e\u003cul\u003e\u003cli\u003eDisable Moxa Service and Moxa Service (Encrypted) temporarily if they are not required for operations. This will minimize potential attack vectors until a patch or updated firmware is applied.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eRefer to the \u003cem\u003eGeneral Security Best Practices\u003c/em\u003e\u0026nbsp;section to further strengthen your security posture.\u003c/p\u003e"
}
],
"value": "To mitigate the risks associated with this vulnerability, we recommend the following actions:\n\n * Disable Moxa Service and Moxa Service (Encrypted) temporarily if they are not required for operations. This will minimize potential attack vectors until a patch or updated firmware is applied.\n\n\nRefer to the General Security Best Practices\u00a0section to further strengthen your security posture."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2024-9137",
"datePublished": "2024-10-14T08:09:22.689Z",
"dateReserved": "2024-09-24T07:11:35.456Z",
"dateUpdated": "2025-09-19T08:08:52.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7695 (GCVE-0-2024-7695)
Vulnerability from nvd – Published: 2025-01-29 07:42 – Updated: 2025-02-22 14:48
VLAI?
Summary
Multiple switches are affected by an out-of-bounds write vulnerability. This vulnerability is caused by insufficient input validation, which allows data to be written to memory outside the bounds of the buffer. Successful exploitation of this vulnerability could result in a denial-of-service attack.
Severity ?
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Moxa | PT-7728 Series |
Affected:
1.0 , ≤ 3.9
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7695",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T14:21:18.811300Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T19:51:14.928Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PT-7728 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-7828 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G503 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G510 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G7728 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G7828 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-608 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-611 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-616 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-619 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-405A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.14",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-408A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-505A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-508A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-510A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-516A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-518A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G509 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-P510 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-P510A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-510E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-518E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-528E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G508E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G512E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G516E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-P506E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.8",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7526A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7528A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7748A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7750A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7752A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7826A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7828A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7848A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7850A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7852A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-G6524A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-6726A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-6728A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-G6824A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3006 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3008 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3016 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3006 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3008 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3016 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TN-G4500 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TN-G6500 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMultiple switches are affected by an out-of-bounds write vulnerability. This vulnerability is caused by insufficient input validation, which allows data to be written to memory outside the bounds of the buffer. Successful exploitation of this vulnerability could result in a denial-of-service attack. \u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Multiple switches are affected by an out-of-bounds write vulnerability. This vulnerability is caused by insufficient input validation, which allows data to be written to memory outside the bounds of the buffer. Successful exploitation of this vulnerability could result in a denial-of-service attack."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100: Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-22T14:48:56.211Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240162-cve-2024-7695-out-of-bounds-write-vulnerability-identified-in-multiple-pt-switches"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240163-cve-2024-7695-out-of-bounds-write-vulnerability-in-multiple-eds,-ics,-iks,-and-sds-switches"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240164-cve-2024-7695-out-of-bounds-write-vulnerability-identified-in-en-50155-switches"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Please refer to the security advisories:\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240162-cve-2024-7695-out-of-bounds-write-vulnerability-identified-in-multiple-pt-switches\"\u003eCVE-2024-7695: Out-of-bounds Write Vulnerability Identified in Multiple PT Switches\u003c/a\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240163-cve-2024-7695-out-of-bounds-write-vulnerability-in-multiple-eds,-ics,-iks,-and-sds-switches\"\u003eCVE-2024-7695: Out-of-bounds Write Vulnerability in Multiple EDS, ICS, IKS, and SDS Switches\u003c/a\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003eCVE-2024-7695: Out-of-bounds Write Vulnerability Identified in EN 50155 Switches\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Please refer to the security advisories:\n * CVE-2024-7695: Out-of-bounds Write Vulnerability Identified in Multiple PT Switches https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240162-cve-2024-7695-out-of-bounds-write-vulnerability-identified-in-multiple-pt-switches \n\n * CVE-2024-7695: Out-of-bounds Write Vulnerability in Multiple EDS, ICS, IKS, and SDS Switches https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240163-cve-2024-7695-out-of-bounds-write-vulnerability-in-multiple-eds,-ics,-iks,-and-sds-switches \n\n * CVE-2024-7695: Out-of-bounds Write Vulnerability Identified in EN 50155 Switches"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Out-of-bounds Write Vulnerability",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cp\u003eTo mitigate the risks associated with this vulnerability, we recommend the following actions: \u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eDisable Moxa Service and Moxa Service (Encrypted) temporarily if they are not required for operations. This will minimize potential attack vectors until a patch or updated firmware is applied.\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e"
}
],
"value": "To mitigate the risks associated with this vulnerability, we recommend the following actions: \n\n\n\n * Disable Moxa Service and Moxa Service (Encrypted) temporarily if they are not required for operations. This will minimize potential attack vectors until a patch or updated firmware is applied."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2024-7695",
"datePublished": "2025-01-29T07:42:54.913Z",
"dateReserved": "2024-08-12T03:06:13.231Z",
"dateUpdated": "2025-02-22T14:48:56.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12297 (GCVE-0-2024-12297)
Vulnerability from nvd – Published: 2025-01-15 10:00 – Updated: 2025-03-06 08:27
VLAI?
Summary
Moxa’s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes, potentially compromising the security of the device.
Severity ?
CWE
- CWE-656 - Reliance on Security Through Obscurity
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Moxa | EDS-508A Series |
Affected:
1.0 , ≤ 3.11
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Artem Turyshev from Rosatom Automated Control Systems Joint-Stock Company
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12297",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-15T14:49:11.063174Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-15T14:49:22.117Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EDS-508A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-508 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.8",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-510 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.8",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-7528 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-7728 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-7828 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G503 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G510 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G7728 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G7828 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Artem Turyshev from Rosatom Automated Control Systems Joint-Stock Company"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Moxa\u2019s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes, potentially compromising the security of the device.\u003cbr\u003e"
}
],
"value": "Moxa\u2019s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes, potentially compromising the security of the device."
}
],
"impacts": [
{
"capecId": "CAPEC-49",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-49: Password Brute Forcing"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-656",
"description": "CWE-656: Reliance on Security Through Obscurity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-06T08:27:52.297Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241407-cve-2024-12297-frontend-authorization-logic-disclosure-vulnerability-in-eds-508a-series"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241408-cve-2024-12297-frontend-authorization-logic-disclosure-vulnerability-identified-in-pt-switches"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMoxa has released appropriate solutions to address vulnerability. The solutions for the affected products are listed below.\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eEDS-508A Series: Please contact Moxa Technical Support for the security patch\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003ePT Series:\u0026nbsp;Please contact Moxa Technical Support for the security patch\u003cbr\u003e\u003cbr\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Moxa has released appropriate solutions to address vulnerability. The solutions for the affected products are listed below.\n\n * EDS-508A Series: Please contact Moxa Technical Support for the security patch\n\n\n * PT Series:\u00a0Please contact Moxa Technical Support for the security patch"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Frontend Authorization Logic Disclosure Vulnerability",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cul\u003e\u003cli\u003eMinimize network exposure to ensure the device is not accessible from the Internet.\u003c/li\u003e\u003cli\u003eLimit SSH access to trusted IP addresses and networks using firewall rules or TCP wrappers. \u003c/li\u003e\u003cli\u003eImplement IDS or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks. \u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "* Minimize network exposure to ensure the device is not accessible from the Internet.\n * Limit SSH access to trusted IP addresses and networks using firewall rules or TCP wrappers. \n * Implement IDS or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2024-12297",
"datePublished": "2025-01-15T10:00:46.524Z",
"dateReserved": "2024-12-06T04:02:40.742Z",
"dateUpdated": "2025-03-06T08:27:52.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9404 (GCVE-0-2024-9404)
Vulnerability from nvd – Published: 2024-12-04 03:54 – Updated: 2025-08-27 21:36
VLAI?
Summary
This vulnerability could lead to denial-of-service or service crashes. Exploitation of the moxa_cmd service, because of insufficient input validation, allows attackers to disrupt operations. If exposed to public networks, the vulnerability poses a significant remote threat, potentially allowing attackers to shut down affected systems.
Severity ?
CWE
- CWE-1287 - Improper Validation of Specified Type of Input
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Moxa | VPort 07-3 Series |
Affected:
1.0
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
YU-HSIANG HUANG (huang.yuhsiang.phone@gmail.com) from Moxa's cybersecurity testing team
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9404",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-04T20:10:01.447858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T21:36:46.745Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VPort 07-3 Series",
"vendor": "Moxa",
"versions": [
{
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-608 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-611 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-616 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-619 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-405A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.14",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-408A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-505A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-508A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-510A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-516A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-518A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G509 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-P510 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-P510A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-510E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-518E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-528E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G508E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G512E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G516E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-P506E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.8",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7526A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7528A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7748A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7750A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7752A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7826A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7828A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7848A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7850A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7852A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-G6524A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-6726A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-6728A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-G6824A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3006 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3008 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3016 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3006 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3008 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3016 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-7728 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-7828 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G503 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G510 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "YU-HSIANG HUANG (huang.yuhsiang.phone@gmail.com) from Moxa\u0027s cybersecurity testing team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis vulnerability could lead to denial-of-service or service crashes. Exploitation of the moxa_cmd service, because of insufficient input validation, allows attackers to disrupt operations. If exposed to public networks, the vulnerability poses a significant remote threat, potentially allowing attackers to shut down affected systems.\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "This vulnerability could lead to denial-of-service or service crashes. Exploitation of the moxa_cmd service, because of insufficient input validation, allows attackers to disrupt operations. If exposed to public networks, the vulnerability poses a significant remote threat, potentially allowing attackers to shut down affected systems."
}
],
"impacts": [
{
"capecId": "CAPEC-6",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-6: Argument Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Limited Impact: In some cases, the vulnerability may only cause the network server service (HTTPS on port 443) to restart. This does not disrupt the device\u2019s core functions, and after an automatic restart, the service resumes normal operation."
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Limited Impact: In some cases, the vulnerability may only cause the network server service (HTTPS on port 443) to restart. This does not disrupt the device\u2019s core functions, and after an automatic restart, the service resumes normal operation."
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Higher Impact: In more severe exploitation scenarios, attackers can leverage the Moxa service (moxa_cmd), originally intended for deployment purposes. Due to insufficient input validation, this can lead to a cold start or a denial-of-service (DoS) condition, resulting in a full device reboot and potential service disruptions."
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Higher Impact: In more severe exploitation scenarios, attackers can leverage the Moxa service (moxa_cmd), originally intended for deployment purposes. Due to insufficient input validation, this can lead to a cold start or a denial-of-service (DoS) condition, resulting in a full device reboot and potential service disruptions."
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "CWE-1287: Improper Validation of Specified Type of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T01:56:28.176Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240930-cve-2024-9404-denial-of-service-vulnerability-identified-in-the-vport-07-3-series"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240931-cve-2024-9404-denial-of-service-vulnerability-identified-in-multiple-eds,-ics,-iks,-and-sds-switches"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240933-cve-2024-9404-denial-of-service-vulnerability-identified-in-multiple-pt-switches"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePlease refer to the security advisories:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240930-cve-2024-9404-denial-of-service-vulnerability-identified-in-the-vport-07-3-series\"\u003eCVE-2024-9404: Denial-of-Service Vulnerability Identified in the VPort 07-3 Series\u003c/a\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240931-cve-2024-9404-denial-of-service-vulnerability-identified-in-multiple-eds,-ics,-iks,-and-sds-switches\"\u003eCVE-2024-9404: Denial-of-Service Vulnerability Identified in Multiple EDS, ICS, IKS, and SDS Switches\u003c/a\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003eCVE-2024-9404: Denial-of-Service Vulnerability Identified in Multiple PT Switches\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Please refer to the security advisories:\n\n\n * CVE-2024-9404: Denial-of-Service Vulnerability Identified in the VPort 07-3 Series https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240930-cve-2024-9404-denial-of-service-vulnerability-identified-in-the-vport-07-3-series \n\n * CVE-2024-9404: Denial-of-Service Vulnerability Identified in Multiple EDS, ICS, IKS, and SDS Switches https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240931-cve-2024-9404-denial-of-service-vulnerability-identified-in-multiple-eds,-ics,-iks,-and-sds-switches \n\n * CVE-2024-9404: Denial-of-Service Vulnerability Identified in Multiple PT Switches"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial-of-Service Vulnerability",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTo mitigate the risks\nassociated with this vulnerability, we recommend the following actions:\u003c/p\u003e\n\n\u003cul\u003e\n \u003cli\u003eDisable Moxa Service and Moxa Service\n (Encrypted) temporarily if they are not required for operations. This will\n minimize potential attack vectors until a patch or updated firmware is\n applied.\u003c/li\u003e\n\u003c/ul\u003e"
}
],
"value": "To mitigate the risks\nassociated with this vulnerability, we recommend the following actions:\n\n\n\n\n * Disable Moxa Service and Moxa Service\n (Encrypted) temporarily if they are not required for operations. This will\n minimize potential attack vectors until a patch or updated firmware is\n applied."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2024-9404",
"datePublished": "2024-12-04T03:54:32.073Z",
"dateReserved": "2024-10-01T06:37:38.790Z",
"dateUpdated": "2025-08-27T21:36:46.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9137 (GCVE-0-2024-9137)
Vulnerability from nvd – Published: 2024-10-14 08:09 – Updated: 2025-09-19 08:08
VLAI?
Summary
The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise.
Severity ?
9.4 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Moxa | EDR-8010 Series |
Affected:
1.0 , ≤ 3.12.1
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Lars Haulin
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:moxa:edr-g9010:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edr-g9010",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.12.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:nat-102:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nat-102",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "1.0.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:tn-4900:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tn-4900",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:oncell_g4302-lte4:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "oncell_g4302-lte4",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:edf-g1002-bp:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edf-g1002-bp",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.12.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:edr-g9004:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edr-g9004",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.12.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:edr-8010:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edr-8010",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.12.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9137",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-14T15:27:27.483068Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T14:32:26.853Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EDR-8010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G9004 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G9010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDF-G1002-BP Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NAT-102 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.0.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OnCell G4302-LTE4 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TN-4900 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-608 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-611 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-616 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-619 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-405A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.14",
"status": "affected",
"version": "1.0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "3.14.4",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-408A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "3.14.6",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-505A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-508A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-510A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-516A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-518A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G509 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-P510 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-P510A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-510E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-518E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-528E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G508E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G512E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G516E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-P506E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.8",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7526A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7528A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7748A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7750A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7752A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7826A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7828A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7848A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7850A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7852A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-G6524A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-6726A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-6728A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-G6824A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3006 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3008 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3016 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3006 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3008 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3016 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-7728 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-7828 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G503 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G510 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G7728 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G7828 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TN-4500A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.13",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TN-5500A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.13",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TN-G4500 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TN-G6500 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lars Haulin"
}
],
"datePublic": "2024-10-14T08:07:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise.\u003c/p\u003e"
}
],
"value": "The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise."
}
],
"impacts": [
{
"capecId": "CAPEC-216",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-216 Communication Channel Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T08:08:52.357Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241156-cve-2024-9137-missing-authentication-vulnerability-in-ethernet-switches"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Please refer to the security advisories:\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances\"\u003eMissing Authentication and OS Command Injection Vulnerabilities in Cellular Routers, Secure Routers, and Network Security Appliances\u003c/a\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241156-cve-2024-9137-missing-authentication-vulnerability-in-ethernet-switches\"\u003eCVE-2024-9137: Missing Authentication Vulnerability in Ethernet Switches\u003c/a\u003e\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Please refer to the security advisories:\n * Missing Authentication and OS Command Injection Vulnerabilities in Cellular Routers, Secure Routers, and Network Security Appliances https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances \n\n * CVE-2024-9137: Missing Authentication Vulnerability in Ethernet Switches https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241156-cve-2024-9137-missing-authentication-vulnerability-in-ethernet-switches"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Moxa Service Missing Authentication for Critical Function",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTo mitigate the risks associated with this vulnerability, we recommend the following actions:\u003c/p\u003e\u003cul\u003e\u003cli\u003eDisable Moxa Service and Moxa Service (Encrypted) temporarily if they are not required for operations. This will minimize potential attack vectors until a patch or updated firmware is applied.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eRefer to the \u003cem\u003eGeneral Security Best Practices\u003c/em\u003e\u0026nbsp;section to further strengthen your security posture.\u003c/p\u003e"
}
],
"value": "To mitigate the risks associated with this vulnerability, we recommend the following actions:\n\n * Disable Moxa Service and Moxa Service (Encrypted) temporarily if they are not required for operations. This will minimize potential attack vectors until a patch or updated firmware is applied.\n\n\nRefer to the General Security Best Practices\u00a0section to further strengthen your security posture."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2024-9137",
"datePublished": "2024-10-14T08:09:22.689Z",
"dateReserved": "2024-09-24T07:11:35.456Z",
"dateUpdated": "2025-09-19T08:08:52.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}