CVE-2024-9404

Denial-of-Service Vulnerability

Description

This vulnerability could lead to denial-of-service or service crashes. Exploitation of the moxa_cmd service, because of insufficient input validation, allows attackers to disrupt operations. If exposed to public networks, the vulnerability poses a significant remote threat, potentially allowing attackers to shut down affected systems.

Remediation

Solution:

Please refer to the security advisories: * CVE-2024-9404: Denial-of-Service Vulnerability Identified in the VPort 07-3 Series https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240930-cve-2024-9404-denial-of-service-vulnerability-identified-in-the-vport-07-3-series * CVE-2024-9404: Denial-of-Service Vulnerability Identified in Multiple EDS, ICS, IKS, and SDS Switches https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240931-cve-2024-9404-denial-of-service-vulnerability-identified-in-multiple-eds,-ics,-iks,-and-sds-switches * CVE-2024-9404: Denial-of-Service Vulnerability Identified in Multiple PT Switches

Workaround:

To mitigate the risks associated with this vulnerability, we recommend the following actions: * Disable Moxa Service and Moxa Service (Encrypted) temporarily if they are not required for operations. This will minimize potential attack vectors until a patch or updated firmware is applied.

References

Link	Tags
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240930-cve-2024-9404-denial-of-service-vulnerability-identified-in-the-vport-07-3-series	vendor advisory
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240931-cve-2024-9404-denial-of-service-vulnerability-identified-in-multiple-eds,-ics,-iks,-and-sds-switches	vendor advisory
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240933-cve-2024-9404-denial-of-service-vulnerability-identified-in-multiple-pt-switches	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2024-9404?: CVE-2024-9404 has been scored as a high severity vulnerability.
How to fix CVE-2024-9404?: To fix CVE-2024-9404: Please refer to the security advisories: * CVE-2024-9404: Denial-of-Service Vulnerability Identified in the VPort 07-3 Series https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240930-cve-2024-9404-denial-of-service-vulnerability-identified-in-the-vport-07-3-series * CVE-2024-9404: Denial-of-Service Vulnerability Identified in Multiple EDS, ICS, IKS, and SDS Switches https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240931-cve-2024-9404-denial-of-service-vulnerability-identified-in-multiple-eds,-ics,-iks,-and-sds-switches * CVE-2024-9404: Denial-of-Service Vulnerability Identified in Multiple PT Switches
Is CVE-2024-9404 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-9404 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-9404?: CVE-2024-9404 affects Moxa VPort 07-3 Series, Moxa EDS-608 Series, Moxa EDS-611 Series, Moxa EDS-616 Series, Moxa EDS-619 Series, Moxa EDS-405A Series, Moxa EDS-408A Series, Moxa EDS-505A Series, Moxa EDS-508A Series, Moxa EDS-510A Series, Moxa EDS-516A Series, Moxa EDS-518A Series, Moxa EDS-G509 Series, Moxa EDS-P510 Series, Moxa EDS-P510A Series, Moxa EDS-510E Series, Moxa EDS-518E Series, Moxa EDS-528E Series, Moxa EDS-G508E Series, Moxa EDS-G512E Series, Moxa EDS-G516E Series, Moxa EDS-P506E Series, Moxa ICS-G7526A Series, Moxa ICS-G7528A Series, Moxa ICS-G7748A Series, Moxa ICS-G7750A Series, Moxa ICS-G7752A Series, Moxa ICS-G7826A Series, Moxa ICS-G7828A Series, Moxa ICS-G7848A Series, Moxa ICS-G7850A Series, Moxa ICS-G7852A Series, Moxa IKS-G6524A Series, Moxa IKS-6726A Series, Moxa IKS-6728A Series, Moxa IKS-G6824A Series, Moxa SDS-3006 Series, Moxa SDS-3008 Series, Moxa SDS-3010 Series, Moxa SDS-3016 Series, Moxa SDS-G3006 Series, Moxa SDS-G3008 Series, Moxa SDS-G3010 Series, Moxa SDS-G3016 Series, Moxa PT-7728 Series, Moxa PT-7828 Series, Moxa PT-G503 Series, Moxa PT-G510 Series.

Description

Remediation

Category

CWE-1287 – Improper Validation of Specified Type of Input

References

Frequently Asked Questions