As of June 15, 2022, this site no longer supports Internet Explorer. Please use another browser for the best experience on our site.
Sign In
Home Support Security Advisories CVE-2024-9404: Denial-of-Service Vulnerability Identified in Multiple PT Switches

Product support

Security Advisories

Please sign in

Forgot your password?
Sign In
Remember Me.
Not a member? Sign up now
SUMMARY

CVE-2024-9404: Denial-of-Service Vulnerability Identified in Multiple PT Switches

  • Security Advisory ID: MPSA-240933
  • Version: V1.2
  • Release Date: Feb 19, 2025
  • Reference:

    CVE-2024-9404 (Moxa) 

Multiple PT switches are affected by a high-severity vulnerability, CVE-2024-9404, which could lead to a denial-of-service condition or cause a system or service crash. This vulnerability allows attackers to exploit the Moxa service, commonly referred to as moxa_cmd, originally designed for deployment purposes. Due to insufficient input validation, this service can be exploited to trigger a cold start or denial-of-service condition. 

This vulnerability poses a significant remote threat if the affected products are exposed to publicly accessible networks. Attackers could potentially disrupt operations by shutting down the affected systems. Given the severity of this issue, immediate action is strongly recommended to mitigate potential exploitation. 

The Identified Vulnerability Type and Potential Impact 

Item Vulnerability Type Impact
1

CWE-1287: Improper Validation of Specified Type of Input (CVE-2024-9404) 

 This vulnerability (CVE-2024-9404) could lead to denial-of-service or service crashes. Exploitation of the moxa_cmd service, because of insufficient input validation, allows attackers to disrupt operations. If exposed to public networks, the vulnerability poses a significant remote threat, potentially allowing attackers to shut down affected systems. 

Vulnerability Scoring Details 

ID
Base Score
Vector
 Severity

Unauthenticated

Remote Exploits
CVE-2024-9404

CVSS 3.1: 7.5

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

 High Yes
CVSS 4.0: 8.7

AV:N/AC:L/AT:N/PR:N/UI:N/

VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Note: This advisory uses CVSS 3.1 as the standard for determining severity levels. CVSS 4.0 is provided as a reference metric for comparison.

AFFECTED PRODUCTS AND SOLUTIONS

Products Affected by CVE-2024-9404 

Affected products and their firmware versions are listed in the following table: 

Product Series Affected Versions
PT-7728 Series  Firmware version 3.9 and earlier 
PT-7828 Series  Firmware version 4.0 and earlier 
PT-G503 Series  Firmware version 5.3 and earlier 
PT-G510 Series  Firmware version 6.5 and earlier 

 

Solutions

Moxa has developed appropriate solutions to address this vulnerability. The solutions for the affected products are listed in the following table:

Product Series Solutions
PT-7728 Series 

Please contact Moxa Technical Support for the security patch.

Note: The security patch version 3.9.2 addresses the following vulnerabilities:

  1. CVE-2024-9137: Missing authentication, which could allow unauthorized configuration changes.
  2. CVE-2024-7695: Out-of-bounds write vulnerability, potentially leading to a denial-of-service (DoS) attack.
  3. CVE-2024-9404: Denial-of-service vulnerability, which could result in system crashes or reboots.
PT-7828 Series 

Please contact Moxa Technical Support for the security patch.

Note: The security patch version 4.0.4 addresses the following vulnerabilities:

  1. CVE-2024-9137: Missing authentication, which could allow unauthorized configuration changes.
  2. CVE-2024-7695: Out-of-bounds write vulnerability, potentially leading to a denial-of-service (DoS) attack.
  3. CVE-2024-9404: Denial-of-service vulnerability, which could result in system crashes or reboots.
PT-G503 Series 

Please contact Moxa Technical Support for the security patch.

Note: The security patch version 5.3.6 addresses the following vulnerabilities:

  1. CVE-2024-9137: Missing authentication, which could allow unauthorized configuration changes.
  2. CVE-2024-7695: Out-of-bounds write vulnerability, potentially leading to a denial-of-service (DoS) attack.
  3. CVE-2024-9404: Denial-of-service vulnerability, which could result in system crashes or reboots.
PT-G510 Series 

Please contact Moxa Technical Support for the security patch.

Note: The security patch version 6.5.8 addresses the following vulnerabilities:

  1. CVE-2024-9137: Missing authentication, which could allow unauthorized configuration changes.
  2. CVE-2024-7695: Out-of-bounds write vulnerability, potentially leading to a denial-of-service (DoS) attack.
  3. CVE-2024-9404: Denial-of-service vulnerability, which could result in system crashes or reboots.

 

Mitigations

To mitigate the risks associated with this vulnerability, we recommend the following actions: 

  • Disable Moxa Service and Moxa Service (Encrypted) temporarily if they are not required for operations. This will minimize potential attack vectors until a patch or updated firmware is applied.

Refer to the General Security Recommendations section to further strengthen your security posture. 

 

General Security Recommendations

To safeguard devices and networks, we recommend implementing the following recommendations to mitigate potential risks:

  1. Restrict Network Access
    • Use firewalls or access control lists (ACLs) to limit communication to trusted IP addresses and networks.
    • Segregate operational networks from other networks (e.g., enterprise networks) using VLANs or physical separation.
  2. Minimize Exposure
    • Avoid exposing devices directly to the Internet.
    • Disable unused network services and ports to reduce the attack surface.
  3. Enhance Device Authentication and Access Control
    • Implement multi-factor authentication (MFA) for accessing critical systems.
    • Use role-based access control (RBAC) to enforce the principle of least privilege.
  4. Regularly Update Firmware and Software
    • Keep devices updated with the latest firmware versions and security patches.
    • Establish a regular patch management schedule to address newly identified vulnerabilities.
  5. Secure Remote Access
    • Use encrypted communication protocols (e.g., VPN, SSH) for remote access.
    • Restrict remote access to authorized personnel only and enforce strong authentication mechanisms.
  6. Implement Anomaly Detection Techniques
    • Monitor network traffic and device behavior for unusual or unauthorized activities.
    • Use tools or techniques that can identify anomalies and provide alerts for potential threats.
  7. Implement Logging and Monitoring
    • Enable event logging and maintain audit trails on devices.
    • Regularly review logs for anomalies and unauthorized access attempts.
  8. Conduct Regular Security Assessments
    • Perform vulnerability assessments to identify potential risks.
    • Regularly review device configurations to ensure compliance with security policies.

 

Acknowledgement

We would like to express our gratitude to YU-HSIANG HUANG (huang.yuhsiang.phone@gmail.com) from Moxa's cybersecurity technology team for reporting the vulnerability, collaborating with us to enhance the security of our products, and contributing to our efforts to deliver better service to our customers. 

 

Revision History:

VERSION DESCRIPTION RELEASE DATE
1.0 First release January 19, 2025
1.1

Updated the version information of the security patch that fixes the vulnerabilities in the solution

February 21, 2025
1.2 Updated the Acknowledgement section

February 26, 2025

Relevant Products

PT-7728 Series · PT-7828 Series · PT-G503 Series · PT-G510 Series ·

  •   Print this page

  • Save
    You can manage and share your saved list in My Moxa
Related Advisories
Let’s get that fixed

If you are concerned about a potential cybersecurity vulnerability, please contact us and one of technical support staff will get in touch with you.

Report a Vulnerability

Do Not Share My Personal Information

To opt out of sharing your personal information for cross-context behavioral advertising, you can complete and submit the form provided below.


Please note that even if you choose to complete the form, you may still see our ads on other websites. However, these ads may not be as relevant to you as they would be if you had not opted out.

 
 
 
Added To Bag

View Bag
You have some items waiting in your bag; click here to finish your quote!

You are currently on the Global / English site.
Would you like to go to the site for your region?

Feedback