Does your business use Moxa cellular routers, secure routers, or other network security devices? Are you aware of the two critical security updates from the Taiwanese manufacturer? These faulty Moxa devices could directly affect your operation.
The firmware in these devices is vulnerable to security bugs. Hackers can escalate security privileges to get root-level access, which allows these infiltrators to execute unauthorized and harmful commands from anywhere.
Cybercriminals exploit these vulnerabilities remotely. As such, Moxa has encouraged its users to apply its fixes immediately. Doing so may protect your business from damage, but let’s look at why.
The Basics of the CVE Vulnerabilities in Moxa Devices
For now, the faulty Moxa devices contain two specific vulnerabilities that your business should be aware of: CVE-2024-9138 and CVE-2024-9140.
CVE-2024-9138 Critical for Access
The CVE-2024-9138 vulnerability affected 10 specific device models, allowing cybercriminals to take over the network equipment. The devices contained hardcoded credentials, making it easy for hackers to access them from just about anywhere. Unfettered access allows privilege escalation, so once they gain access, hackers can do everything from accessing some sensitive information to shutting down your entire network.
CVE-2024-9140 Critical for Operations
The second vulnerability is even more concerning, and MOXA also lists it as “Critical.” CVE-2024-9140 allows hackers to use special characters to bypass certain input restrictions, meaning they can run arbitrary commands on these devices. Imagine the havoc that nefarious OS command injections could wreak on your daily operation!
How To Fix Moxa’s Vulnerabilities
In response to these two vulnerabilities, Moxa released firmware patches. If you use one of these industrial routers or appliances for remote monitoring, logic controllers, data collection, or industrial control centers, apply the patches. The updates are available on the device management interface, and clear instructions on how to download and install these fixes are provided.
The patch restores the industrial router security to protect your business once more. Even so, Moxa acknowledges that some devices do not yet have a suitable solution. These faulty Moxa devices don’t have publicly available firmware patches and need additional technical support.
Can’t patch your business’s compromised device? Moxa recommends these steps to secure your network and minimize exposure:
- Disconnect your company’s affected devices from the internet.
- Limit SSH access to trusted IP addresses.
- Use intrusion detection systems (IDS) to monitor the network for potentially malicious traffic.
This action to safeguard your business with firmware updates and ongoing threat detection protects it from serious consequences, including substantial financial losses – at least until Moxa releases solutions.
Protect Your Industrial Network Today
The faulty Moxa devices affect a small subset of the company’s products tailored to industrial applications. However, if your business relies on these for any purposes, take this threat seriously. A hacker can remotely exploit these vulnerabilities, and the results could be devastating.
Yet again, this incident underscores the importance of staying abreast of critical security updates for firmware and software and of installing updates promptly. Your company’s future may depend on your ability to keep vital networks secure, so why not be proactive?
