प्लेटफ़ॉर्म
other
घटक
moxa-service
में ठीक किया गया
3.12.2
3.12.2
3.12.2
3.12.2
1.0.6
3.9.1
3.6.1
3.12.1
3.12.1
3.12.1
3.12.1
3.14.1
3.12.1
3.11.1
3.11.1
3.12.1
3.11.1
3.11.1
3.10.1
3.11.1
3.11.1
5.5.1
6.3.1
6.3.1
6.4.1
6.4.1
6.4.1
5.8.1
5.10.1
5.10.1
5.9.1
5.9.1
5.9.1
5.10.1
5.10.1
5.9.1
5.9.1
5.9.1
5.10.1
5.9.1
5.9.1
5.10.1
3.0.1
3.0.1
3.0.1
3.0.1
3.0.1
3.0.1
3.0.1
3.0.1
3.9.1
4.0.1
5.3.1
6.5.1
6.4.1
6.4.1
3.13.1
3.13.1
5.5.1
5.5.1
CVE-2024-9137 is a critical authentication bypass vulnerability affecting Moxa Service versions 1.0 through 6.5. This flaw allows attackers to execute arbitrary commands on the server due to the absence of authentication checks when sending commands. Successful exploitation can lead to unauthorized access, data exfiltration, and complete system compromise. The vulnerability was published on 2024-10-14 and a fix is available in version 6.5.1.
The lack of authentication in Moxa Service presents a severe risk. An attacker can leverage this vulnerability to execute arbitrary commands on the affected system without proper authorization. This could involve downloading sensitive configuration files containing credentials or other critical data, uploading malicious code to gain persistent access, or even taking complete control of the system. The potential impact extends beyond the immediate system, as compromised Moxa Service instances could be used as a springboard for lateral movement within the network, potentially impacting other connected devices and systems. The ability to execute arbitrary commands effectively grants the attacker root-level access, allowing for significant disruption and data theft.
CVE-2024-9137 is currently not listed on the CISA KEV catalog. Public proof-of-concept exploits are not widely available, but the vulnerability's severity and ease of exploitation suggest a potential for active exploitation. The absence of authentication checks is a common attack vector, and attackers may actively scan for vulnerable Moxa Service instances. The vulnerability was disclosed publicly on 2024-10-14.
Organizations utilizing Moxa Service for industrial automation, data acquisition, or remote device management are at significant risk. Specifically, deployments with limited network segmentation or those relying on default configurations are particularly vulnerable. Any environment where Moxa Service is exposed to untrusted networks should be considered at high risk.
• windows / other: Monitor process execution for unexpected commands originating from the Moxa Service. Use Sysinternals Process Monitor to track file access and registry modifications.
Get-Process -Name "MoxaService" | Select-Object -ExpandProperty Path• linux / server: Monitor system logs (e.g., /var/log/syslog) for unusual command execution patterns associated with the Moxa Service. Use auditd to track command execution.
journalctl -u moxa-service -f• generic web: Monitor network traffic for unusual outbound connections from the Moxa Service to external hosts. Examine access logs for suspicious requests targeting the Moxa Service endpoint.
disclosure
एक्सप्लॉइट स्थिति
EPSS
0.15% (36% शतमक)
CISA SSVC
CVSS वेक्टर
The primary mitigation for CVE-2024-9137 is to immediately upgrade Moxa Service to version 6.5.1 or later. If upgrading is not immediately feasible due to compatibility issues or downtime concerns, consider implementing temporary workarounds. Network segmentation can limit the potential blast radius by isolating the Moxa Service instance from other critical systems. Restrict network access to the Moxa Service to only authorized IP addresses. Monitor network traffic for suspicious command execution attempts. While a WAF or proxy cannot directly prevent the underlying vulnerability, it can potentially block known malicious command patterns. After upgrading, verify the fix by attempting to send commands to the Moxa Service without providing authentication credentials; the service should reject these requests.
Actualice el firmware de su dispositivo Moxa EDR-8010 Series a una versión posterior a la 3.12.1 para corregir la vulnerabilidad de autenticación faltante. Consulte el aviso de seguridad de Moxa (MPSA-241156) para obtener instrucciones detalladas sobre cómo descargar e instalar la actualización. Aplique las medidas de seguridad recomendadas por el proveedor.
भेद्यता विश्लेषण और गंभीर अलर्ट सीधे आपके ईमेल में।
CVE-2024-9137 is a critical vulnerability in Moxa Service versions 1.0-6.5 that allows attackers to execute commands due to a missing authentication check, potentially leading to system compromise.
If you are using Moxa Service versions 1.0 through 6.5, you are potentially affected by this vulnerability. Immediate action is required.
Upgrade Moxa Service to version 6.5.1 or later to remediate the vulnerability. If immediate upgrade is not possible, implement temporary workarounds like network segmentation.
While no confirmed active exploitation has been publicly reported, the vulnerability's severity and ease of exploitation suggest a potential for active campaigns.
Refer to the official Moxa security advisory for detailed information and updates regarding CVE-2024-9137: [https://www.moxa.com/en-us/support/security-advisory/moxa-sa-2024-0011](https://www.moxa.com/en-us/support/security-advisory/moxa-sa-2024-0011)
अपनी डिपेंडेंसी फ़ाइल अपलोड करें और तुरंत जानें कि यह CVE और अन्य आपको प्रभावित करती हैं या नहीं।