
Moxa, a leading provider of industrial networking solutions, has issued a security advisory regarding a critical denial-of-service (DoS) vulnerability affecting multiple models of its PT switches. The vulnerability, tracked as CVE-2024-9404 and assigned a CVSS score of 7.5, could allow attackers to disrupt operations by causing a system or service crash.
The vulnerability stems from insufficient input validation in the Moxa service, known as moxa_cmd, which is primarily used for deployment purposes. Attackers can exploit this vulnerability to trigger a cold start or DoS condition, potentially shutting down the affected systems.
The following Moxa PT switch series are affected by this vulnerability:
- PT-7728 Series (firmware version 3.9 and earlier)
- PT-7828 Series (firmware version 4.0 and earlier)
- PT-G503 Series (firmware version 5.3 and earlier)
- PT-G510 Series (firmware version 6.5 and earlier)
CVE-2024-9404 poses a significant remote threat if the affected PT switches are exposed to publicly accessible networks. Attackers could exploit this vulnerability to disrupt critical operations in various industrial environments.
Moxa has released security patches to address this vulnerability for all affected PT switch series. Users are strongly advised to contact Moxa Technical Support to obtain and apply the appropriate patch for their specific product.
| Product Series | Patch Version |
|---|---|
| PT-7728 Series | 3.9.2 |
| PT-7828 Series | 4.0.4 |
| PT-G503 Series | 5.3.6 |
| PT-G510 Series | 6.5.8 |
As a temporary mitigation measure, Moxa recommends disabling the Moxa service and Moxa service (encrypted) if they are not essential for operations. This will help minimize potential attack vectors until a patch can be applied.
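The following added example (not from Moxa or the original article) triages a switch inventory against the patch versions above and the interim mitigation. The inventory format, host names, model suffixes and the `moxa_service` column (standing in for both the Moxa service and Moxa service (encrypted)) are assumptions, as is treating any firmware below the patch version as still needing the patch.

```python
import csv
import io
import re

# Patch versions from the advisory table; firmware below these is treated as
# needing the patch (assumption: conservative reading for in-between builds).
PATCHED = {"PT-7728": (3, 9, 2), "PT-7828": (4, 0, 4),
           "PT-G503": (5, 3, 6), "PT-G510": (6, 5, 8)}

# Constructed sample inventory; hosts, model suffixes and columns are hypothetical.
SAMPLE_INVENTORY = """host,model,firmware,moxa_service
sw-01,PT-7728-A,V3.9,enabled
sw-02,PT-7828-B,4.0.4,enabled
sw-03,PT-G503-C,v5.2 Build 20010101,disabled
sw-04,PT-G510-D,6.5.8,disabled
sw-05,XYZ-1000,3.8,enabled
sw-06,PT-7728-E,unknown,enabled
"""

def parse_version(text):
    """Return the leading dotted version as a 3-tuple, or None if unparseable."""
    m = re.match(r"\s*[vV]?(\d+(?:\.\d+){0,2})", text)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def triage(inventory_csv):
    """Map each host to a status for CVE-2024-9404."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        series = next((s for s in PATCHED if row["model"].upper().startswith(s)), None)
        version = parse_version(row["firmware"])
        if series is None:
            status = "not-listed"            # model not named in this advisory
        elif version is None:
            status = "check-manually"        # never assume an unreadable version is safe
        elif version >= PATCHED[series]:
            status = "patched"
        elif row["moxa_service"].strip().lower() == "enabled":
            status = "vulnerable-service-enabled"   # patch; disable service if not essential
        else:
            status = "vulnerable-service-disabled"  # interim mitigation in place; still patch
        results[row["host"]] = status
    return results

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:8} {status}")
```
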