Industrial networking and communications provider Moxa is warning of a high-severity and a critical vulnerability that impacts various models of its cellular routers, secure routers, and network security appliances.
Moxa’s cellular routers, secure routers, and network security appliances are affected by two critical vulnerabilities that pose a significant security risk.
- CVE-2024-9138: This vulnerability involves hard-coded credentials, which could allow an authenticated user to escalate privileges and gain root-level access to the system.
- CVE-2024-9140: This vulnerability allows attackers to exploit special characters to bypass input restrictions, potentially leading to unauthorized command execution.
Immediate action is strongly recommended to prevent potential exploitation and mitigate these risks.
These two issues are a facepalm moment for me. I’ll get to why in a moment. Right now, Paul Bischoff, Consumer Privacy Advocate at Comparitech had this to say:
“For the moment, this does not appear to be a zero-day vulnerability that’s already being exploited in the wild, and a patch is available. However, unlike our cell phones and laptops, industrial equipment isn’t always set up to automatically download and install the latest update. Administrators of the vulnerable routers need to ensure they apply the necessary firmware updates as soon as possible. Considering the industrial environments that Moxa routers are used in, a successful attack could have serious consequences.”
Chris Hauk, Consumer Privacy Champion at Pixel Privacy:
“Cases like this, where a vulnerability exists, but so does an update that can fix the vulnerabilities used by the attack underscore the need for enterprises to keep close track of updates, so they can be installed as soon as possible. Only by keeping track of vulnerabilities and their fixes can organizations keep their systems safer from attack.”
One of these vulnerabilities involves hard coded credentials. The use of hard coded credentials should be discouraged as it creates all sorts of security risks that are routinely exploited by malware and hackers. Thus if you have one of these routers, you should update it right now.
Like this:
Like Loading...
Related
This entry was posted on January 6, 2025 at 3:31 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Vulnerable Moxa devices expose industrial networks to attacks
Industrial networking and communications provider Moxa is warning of a high-severity and a critical vulnerability that impacts various models of its cellular routers, secure routers, and network security appliances.
Moxa’s cellular routers, secure routers, and network security appliances are affected by two critical vulnerabilities that pose a significant security risk.
Immediate action is strongly recommended to prevent potential exploitation and mitigate these risks.
These two issues are a facepalm moment for me. I’ll get to why in a moment. Right now, Paul Bischoff, Consumer Privacy Advocate at Comparitech had this to say:
“For the moment, this does not appear to be a zero-day vulnerability that’s already being exploited in the wild, and a patch is available. However, unlike our cell phones and laptops, industrial equipment isn’t always set up to automatically download and install the latest update. Administrators of the vulnerable routers need to ensure they apply the necessary firmware updates as soon as possible. Considering the industrial environments that Moxa routers are used in, a successful attack could have serious consequences.”
Chris Hauk, Consumer Privacy Champion at Pixel Privacy:
“Cases like this, where a vulnerability exists, but so does an update that can fix the vulnerabilities used by the attack underscore the need for enterprises to keep close track of updates, so they can be installed as soon as possible. Only by keeping track of vulnerabilities and their fixes can organizations keep their systems safer from attack.”
One of these vulnerabilities involves hard coded credentials. The use of hard coded credentials should be discouraged as it creates all sorts of security risks that are routinely exploited by malware and hackers. Thus if you have one of these routers, you should update it right now.
Share this:
Like this:
Related
This entry was posted on January 6, 2025 at 3:31 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.