Platform
other
Component
moxa-service
Fixed in
3.12.2
3.12.2
3.12.2
3.12.2
1.0.6
3.9.1
3.6.1
3.12.1
3.12.1
3.12.1
3.12.1
3.14.1
3.12.1
3.11.1
3.11.1
3.12.1
3.11.1
3.11.1
3.10.1
3.11.1
3.11.1
5.5.1
6.3.1
6.3.1
6.4.1
6.4.1
6.4.1
5.8.1
5.10.1
5.10.1
5.9.1
5.9.1
5.9.1
5.10.1
5.10.1
5.9.1
5.9.1
5.9.1
5.10.1
5.9.1
5.9.1
5.10.1
3.0.1
3.0.1
3.0.1
3.0.1
3.0.1
3.0.1
3.0.1
3.0.1
3.9.1
4.0.1
5.3.1
6.5.1
6.4.1
6.4.1
3.13.1
3.13.1
5.5.1
5.5.1
CVE-2024-9137 is a critical authentication bypass vulnerability affecting Moxa Service versions 1.0 through 6.5. This flaw allows attackers to execute arbitrary commands on the server due to the absence of authentication checks when sending commands. Successful exploitation can lead to unauthorized access, data exfiltration, and complete system compromise. The vulnerability was published on 2024-10-14 and a fix is available in version 6.5.1.
The lack of authentication in Moxa Service presents a severe risk. An attacker can leverage this vulnerability to execute arbitrary commands on the affected system without proper authorization. This could involve downloading sensitive configuration files containing credentials or other critical data, uploading malicious code to gain persistent access, or even taking complete control of the system. The potential impact extends beyond the immediate system, as compromised Moxa Service instances could be used as a springboard for lateral movement within the network, potentially impacting other connected devices and systems. The ability to execute arbitrary commands effectively grants the attacker root-level access, allowing for significant disruption and data theft.
CVE-2024-9137 is currently not listed on the CISA KEV catalog. Public proof-of-concept exploits are not widely available, but the vulnerability's severity and ease of exploitation suggest a potential for active exploitation. The absence of authentication checks is a common attack vector, and attackers may actively scan for vulnerable Moxa Service instances. The vulnerability was disclosed publicly on 2024-10-14.
Exploit Status
EPSS
0.15% (36% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-9137 is to immediately upgrade Moxa Service to version 6.5.1 or later. If upgrading is not immediately feasible due to compatibility issues or downtime concerns, consider implementing temporary workarounds. Network segmentation can limit the potential blast radius by isolating the Moxa Service instance from other critical systems. Restrict network access to the Moxa Service to only authorized IP addresses. Monitor network traffic for suspicious command execution attempts. While a WAF or proxy cannot directly prevent the underlying vulnerability, it can potentially block known malicious command patterns. After upgrading, verify the fix by attempting to send commands to the Moxa Service without providing authentication credentials; the service should reject these requests.
Update the firmware of your Moxa EDR-8010 Series device to a version later than 3.12.1 to correct the missing authentication vulnerability. Refer to the Moxa security advisory (MPSA-241156) for detailed instructions on how to download and install the update. Apply the security measures recommended by the vendor.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2024-9137 is a critical vulnerability in Moxa Service versions 1.0-6.5 that allows attackers to execute commands due to a missing authentication check, potentially leading to system compromise.
If you are using Moxa Service versions 1.0 through 6.5, you are potentially affected by this vulnerability. Immediate action is required.
Upgrade Moxa Service to version 6.5.1 or later to remediate the vulnerability. If immediate upgrade is not possible, implement temporary workarounds like network segmentation.
While no confirmed active exploitation has been publicly reported, the vulnerability's severity and ease of exploitation suggest a potential for active campaigns.
Refer to the official Moxa security advisory for detailed information and updates regarding CVE-2024-9137: [https://www.moxa.com/en-us/support/security-advisory/moxa-sa-2024-0011](https://www.moxa.com/en-us/support/security-advisory/moxa-sa-2024-0011)
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.