cvelistv5 - cve-2024-9137

CVE-2024-9137 (GCVE-0-2024-9137)

Vulnerability from cvelistv5

Published

2024-10-14 08:09

Modified

2025-01-17 07:36

Severity ?

8.8 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N
9.4 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

CWE

CWE-306 - Missing Authentication for Critical Function

Summary

The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise.

References

►

URL

Tags

	psirt@moxa.com	https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances
	psirt@moxa.com	https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241156-cve-2024-9137-missing-authentication-vulnerability-in-ethernet-switches

Impacted products

Vendor

Product

Version

►

Moxa

EDR-8010 Series

Version: 1.0 <

Moxa	EDR-G9004 Series	Version: 1.0 <
Moxa	EDR-G9010 Series	Version: 1.0 <
Moxa	EDF-G1002-BP Series	Version: 1.0 <
Moxa	NAT-102 Series	Version: 1.0 <
Moxa	OnCell G4302-LTE4 Series	Version: 1.0 <
Moxa	TN-4900 Series	Version: 1.0 <
Moxa	EDS-608 Series	Version: 1.0 <
Moxa	EDS-611 Series	Version: 1.0 <
Moxa	EDS-616 Series	Version: 1.0 <
Moxa	EDS-619 Series	Version: 1.0 <
Moxa	EDS-405A Series	Version: 1.0 <
Moxa	EDS-408A Series	Version: 1.0 <
Moxa	EDS-505A Series	Version: 1.0 <
Moxa	EDS-508A Series	Version: 1.0 <
Moxa	EDS-510A Series	Version: 1.0 <
Moxa	EDS-516A Series	Version: 1.0 <
Moxa	EDS-518A Series	Version: 1.0 <
Moxa	EDS-G509 Series	Version: 1.0 <
Moxa	EDS-P510 Series	Version: 1.0 <
Moxa	EDS-P510A Series	Version: 1.0 <
Moxa	EDS-510E Series	Version: 1.0 <
Moxa	EDS-518E Series	Version: 1.0 <
Moxa	EDS-528E Series	Version: 1.0 <
Moxa	EDS-G508E Series	Version: 1.0 <
Moxa	EDS-G512E Series	Version: 1.0 <
Moxa	EDS-G516E Series	Version: 1.0 <
Moxa	EDS-P506E Series	Version: 1.0 <
Moxa	ICS-G7526A Series	Version: 1.0 <
Moxa	ICS-G7528A Series	Version: 1.0 <
Moxa	ICS-G7748A Series	Version: 1.0 <
Moxa	ICS-G7750A Series	Version: 1.0 <
Moxa	ICS-G7752A Series	Version: 1.0 <
Moxa	ICS-G7826A Series	Version: 1.0 <
Moxa	ICS-G7828A Series	Version: 1.0 <
Moxa	ICS-G7848A Series	Version: 1.0 <
Moxa	ICS-G7850A Series	Version: 1.0 <
Moxa	ICS-G7852A Series	Version: 1.0 <
Moxa	IKS-G6524A Series	Version: 1.0 <
Moxa	IKS-6726A Series	Version: 1.0 <
Moxa	IKS-6728A Series	Version: 1.0 <
Moxa	IKS-G6824A Series	Version: 1.0 <
Moxa	SDS-3006 Series	Version: 1.0 <
Moxa	SDS-3008 Series	Version: 1.0 <
Moxa	SDS-3010 Series	Version: 1.0 <
Moxa	SDS-3016 Series	Version: 1.0 <
Moxa	SDS-G3006 Series	Version: 1.0 <
Moxa	SDS-G3008 Series	Version: 1.0 <
Moxa	SDS-G3010 Series	Version: 1.0 <
Moxa	SDS-G3016 Series	Version: 1.0 <
Moxa	PT-7728 Series	Version: 1.0 <
Moxa	PT-7828 Series	Version: 1.0 <
Moxa	PT-G503 Series	Version: 1.0 <
Moxa	PT-G510 Series	Version: 1.0 <
Moxa	PT-G7728 Series	Version: 1.0 <
Moxa	PT-G7828 Series	Version: 1.0 <
Moxa	TN-4500A Series	Version: 1.0 <
Moxa	TN-5500A Series	Version: 1.0 <
Moxa	TN-G4500 Series	Version: 1.0 <
Moxa	TN-G6500 Series	Version: 1.0 <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:moxa:edr-g9010:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "edr-g9010",
            "vendor": "moxa",
            "versions": [
              {
                "lessThanOrEqual": "3.12.1",
                "status": "affected",
                "version": "1.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:moxa:nat-102:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "nat-102",
            "vendor": "moxa",
            "versions": [
              {
                "lessThanOrEqual": "1.0.5",
                "status": "affected",
                "version": "1.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:moxa:tn-4900:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "tn-4900",
            "vendor": "moxa",
            "versions": [
              {
                "lessThanOrEqual": "3.6",
                "status": "affected",
                "version": "1.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:moxa:oncell_g4302-lte4:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "oncell_g4302-lte4",
            "vendor": "moxa",
            "versions": [
              {
                "lessThanOrEqual": "3.9",
                "status": "affected",
                "version": "1.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:moxa:edf-g1002-bp:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "edf-g1002-bp",
            "vendor": "moxa",
            "versions": [
              {
                "lessThanOrEqual": "3.12.1",
                "status": "affected",
                "version": "1.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:moxa:edr-g9004:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "edr-g9004",
            "vendor": "moxa",
            "versions": [
              {
                "lessThanOrEqual": "3.12.1",
                "status": "affected",
                "version": "1.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:moxa:edr-8010:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "edr-8010",
            "vendor": "moxa",
            "versions": [
              {
                "lessThanOrEqual": "3.12.1",
                "status": "affected",
                "version": "1.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9137",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-14T15:27:27.483068Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-15T14:32:26.853Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "EDR-8010 Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "3.12.1",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EDR-G9004 Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "3.12.1",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EDR-G9010 Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "3.12.1",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EDF-G1002-BP Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "3.12.1",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "NAT-102 Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "1.0.5",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "OnCell G4302-LTE4 Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "3.9",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TN-4900 Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "3.6",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EDS-608 Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "3.12",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EDS-611 Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "3.12",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EDS-616 Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "3.12",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EDS-619 Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "3.12",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EDS-405A Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "3.14",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EDS-408A Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "3.12",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EDS-505A Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "3.11",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EDS-508A Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "3.11",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EDS-510A Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "3.12",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EDS-516A Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "3.11",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EDS-518A Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "3.11",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EDS-G509 Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "3.10",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EDS-P510 Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "3.11",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EDS-P510A Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "3.11",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EDS-510E Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "5.5",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EDS-518E Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "6.3",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EDS-528E Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "6.3",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EDS-G508E Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "6.4",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EDS-G512E Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "6.4",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EDS-G516E Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "6.4",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EDS-P506E Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "5.8",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ICS-G7526A Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "5.10",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ICS-G7528A Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "5.10",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ICS-G7748A Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "5.9",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ICS-G7750A Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "5.9",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ICS-G7752A Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "5.9",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ICS-G7826A Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "5.10",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ICS-G7828A Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "5.10",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ICS-G7848A Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "5.9",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ICS-G7850A Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "5.9",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ICS-G7852A Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "5.9",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "IKS-G6524A Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "5.10",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "IKS-6726A Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "5.9",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "IKS-6728A Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "5.9",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "IKS-G6824A Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "5.10",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SDS-3006 Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "3.0",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SDS-3008 Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "3.0",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SDS-3010 Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "3.0",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SDS-3016 Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "3.0",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SDS-G3006 Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "3.0",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SDS-G3008 Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "3.0",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SDS-G3010 Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "3.0",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SDS-G3016 Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "3.0",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PT-7728 Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "3.9",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PT-7828 Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "4.0",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PT-G503 Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "5.3",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PT-G510 Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "6.5",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PT-G7728 Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "6.4",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PT-G7828 Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "6.4",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TN-4500A Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "3.13",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TN-5500A Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "3.13",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TN-G4500 Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "5.5",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TN-G6500 Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "5.5",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Lars Haulin"
        }
      ],
      "datePublic": "2024-10-14T08:07:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise.\u003c/p\u003e"
            }
          ],
          "value": "The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-216",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-216 Communication Channel Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306 Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-17T07:36:41.866Z",
        "orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
        "shortName": "Moxa"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241156-cve-2024-9137-missing-authentication-vulnerability-in-ethernet-switches"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Please refer to the security advisories:\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances\"\u003eMissing Authentication and OS Command Injection Vulnerabilities in Cellular Routers, Secure Routers, and Network Security Appliances\u003c/a\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241156-cve-2024-9137-missing-authentication-vulnerability-in-ethernet-switches\"\u003eCVE-2024-9137: Missing Authentication Vulnerability in Ethernet Switches\u003c/a\u003e\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "Please refer to the security advisories:\n  *   Missing Authentication and OS Command Injection Vulnerabilities in Cellular Routers, Secure Routers, and Network Security Appliances https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances \n\n  *   CVE-2024-9137: Missing Authentication Vulnerability in Ethernet Switches https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241156-cve-2024-9137-missing-authentication-vulnerability-in-ethernet-switches"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Moxa Service Missing Authentication for Critical Function",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eTo mitigate the risks associated with this vulnerability, we recommend the following actions:\u003c/p\u003e\u003cul\u003e\u003cli\u003eDisable Moxa Service and Moxa Service (Encrypted) temporarily if they are not required for operations. This will minimize potential attack vectors until a patch or updated firmware is applied.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eRefer to the \u003cem\u003eGeneral Security Best Practices\u003c/em\u003e\u0026nbsp;section to further strengthen your security posture.\u003c/p\u003e"
            }
          ],
          "value": "To mitigate the risks associated with this vulnerability, we recommend the following actions:\n\n  *  Disable Moxa Service and Moxa Service (Encrypted) temporarily if they are not required for operations. This will minimize potential attack vectors until a patch or updated firmware is applied.\n\n\nRefer to the General Security Best Practices\u00a0section to further strengthen your security posture."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
    "assignerShortName": "Moxa",
    "cveId": "CVE-2024-9137",
    "datePublished": "2024-10-14T08:09:22.689Z",
    "dateReserved": "2024-09-24T07:11:35.456Z",
    "dateUpdated": "2025-01-17T07:36:41.866Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-9137\",\"sourceIdentifier\":\"psirt@moxa.com\",\"published\":\"2024-10-14T09:15:04.403\",\"lastModified\":\"2025-01-17T08:15:24.690\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise.\"},{\"lang\":\"es\",\"value\":\"El producto afectado carece de una comprobaci\u00f3n de autenticaci\u00f3n al enviar comandos al servidor a trav\u00e9s del servicio Moxa. Esta vulnerabilidad permite a un atacante ejecutar comandos espec\u00edficos, lo que puede provocar descargas o cargas no autorizadas de archivos de configuraci\u00f3n y comprometer el sistema.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"psirt@moxa.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"psirt@moxa.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H\",\"baseScore\":9.4,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.5}]},\"weaknesses\":[{\"source\":\"psirt@moxa.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]}],\"references\":[{\"url\":\"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances\",\"source\":\"psirt@moxa.com\"},{\"url\":\"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241156-cve-2024-9137-missing-authentication-vulnerability-in-ethernet-switches\",\"source\":\"psirt@moxa.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-9137\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-14T15:27:27.483068Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:moxa:edr-g9010:*:*:*:*:*:*:*:*\"], \"vendor\": \"moxa\", \"product\": \"edr-g9010\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.12.1\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:moxa:nat-102:*:*:*:*:*:*:*:*\"], \"vendor\": \"moxa\", \"product\": \"nat-102\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.0.5\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:moxa:tn-4900:*:*:*:*:*:*:*:*\"], \"vendor\": \"moxa\", \"product\": \"tn-4900\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.6\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:moxa:oncell_g4302-lte4:*:*:*:*:*:*:*:*\"], \"vendor\": \"moxa\", \"product\": \"oncell_g4302-lte4\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.9\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:moxa:edf-g1002-bp:*:*:*:*:*:*:*:*\"], \"vendor\": \"moxa\", \"product\": \"edf-g1002-bp\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.12.1\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:moxa:edr-g9004:*:*:*:*:*:*:*:*\"], \"vendor\": \"moxa\", \"product\": \"edr-g9004\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.12.1\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:moxa:edr-8010:*:*:*:*:*:*:*:*\"], \"vendor\": \"moxa\", \"product\": \"edr-8010\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.12.1\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-15T14:32:04.043Z\"}}], \"cna\": {\"title\": \"Moxa Service Missing Authentication for Critical Function\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Lars Haulin\"}], \"impacts\": [{\"capecId\": \"CAPEC-216\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-216 Communication Channel Manipulation\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 8.8, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"LOW\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Moxa\", \"product\": \"EDR-8010 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.12.1\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"EDR-G9004 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.12.1\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"EDR-G9010 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.12.1\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"EDF-G1002-BP Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.12.1\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"NAT-102 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.0.5\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"OnCell G4302-LTE4 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.9\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"TN-4900 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.6\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"EDS-608 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.12\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"EDS-611 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.12\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"EDS-616 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.12\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"EDS-619 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.12\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"EDS-405A Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.14\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"EDS-408A Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.12\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"EDS-505A Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.11\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"EDS-508A Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.11\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"EDS-510A Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.12\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"EDS-516A Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.11\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"EDS-518A Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.11\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"EDS-G509 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.10\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"EDS-P510 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.11\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"EDS-P510A Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.11\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"EDS-510E Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.5\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"EDS-518E Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.3\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"EDS-528E Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.3\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"EDS-G508E Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.4\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"EDS-G512E Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.4\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"EDS-G516E Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.4\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"EDS-P506E Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.8\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"ICS-G7526A Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.10\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"ICS-G7528A Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.10\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"ICS-G7748A Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.9\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"ICS-G7750A Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.9\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"ICS-G7752A Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.9\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"ICS-G7826A Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.10\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"ICS-G7828A Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.10\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"ICS-G7848A Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.9\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"ICS-G7850A Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.9\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"ICS-G7852A Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.9\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"IKS-G6524A Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.10\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"IKS-6726A Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.9\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"IKS-6728A Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.9\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"IKS-G6824A Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.10\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"SDS-3006 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.0\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"SDS-3008 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.0\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"SDS-3010 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.0\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"SDS-3016 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.0\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"SDS-G3006 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.0\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"SDS-G3008 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.0\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"SDS-G3010 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.0\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"SDS-G3016 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.0\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"PT-7728 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.9\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"PT-7828 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"4.0\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"PT-G503 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.3\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"PT-G510 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.5\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"PT-G7728 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.4\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"PT-G7828 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.4\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"TN-4500A Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.13\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"TN-5500A Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.13\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"TN-G4500 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.5\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"TN-G6500 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.5\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Please refer to the security advisories:\\n  *   Missing Authentication and OS Command Injection Vulnerabilities in Cellular Routers, Secure Routers, and Network Security Appliances https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances \\n\\n  *   CVE-2024-9137: Missing Authentication Vulnerability in Ethernet Switches https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241156-cve-2024-9137-missing-authentication-vulnerability-in-ethernet-switches\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Please refer to the security advisories:\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances\\\"\u003eMissing Authentication and OS Command Injection Vulnerabilities in Cellular Routers, Secure Routers, and Network Security Appliances\u003c/a\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241156-cve-2024-9137-missing-authentication-vulnerability-in-ethernet-switches\\\"\u003eCVE-2024-9137: Missing Authentication Vulnerability in Ethernet Switches\u003c/a\u003e\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e\", \"base64\": false}]}], \"datePublic\": \"2024-10-14T08:07:00.000Z\", \"references\": [{\"url\": \"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241156-cve-2024-9137-missing-authentication-vulnerability-in-ethernet-switches\", \"tags\": [\"vendor-advisory\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"To mitigate the risks associated with this vulnerability, we recommend the following actions:\\n\\n  *  Disable Moxa Service and Moxa Service (Encrypted) temporarily if they are not required for operations. This will minimize potential attack vectors until a patch or updated firmware is applied.\\n\\n\\nRefer to the General Security Best Practices\\u00a0section to further strengthen your security posture.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eTo mitigate the risks associated with this vulnerability, we recommend the following actions:\u003c/p\u003e\u003cul\u003e\u003cli\u003eDisable Moxa Service and Moxa Service (Encrypted) temporarily if they are not required for operations. This will minimize potential attack vectors until a patch or updated firmware is applied.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eRefer to the \u003cem\u003eGeneral Security Best Practices\u003c/em\u003e\u0026nbsp;section to further strengthen your security posture.\u003c/p\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eThe affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-306\", \"description\": \"CWE-306 Missing Authentication for Critical Function\"}]}], \"providerMetadata\": {\"orgId\": \"2e0a0ee2-d866-482a-9f5e-ac03d156dbaa\", \"shortName\": \"Moxa\", \"dateUpdated\": \"2025-01-17T07:36:41.866Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-9137\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-17T07:36:41.866Z\", \"dateReserved\": \"2024-09-24T07:11:35.456Z\", \"assignerOrgId\": \"2e0a0ee2-d866-482a-9f5e-ac03d156dbaa\", \"datePublished\": \"2024-10-14T08:09:22.689Z\", \"assignerShortName\": \"Moxa\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

fkie_cve-2024-9137

Vulnerability from fkie_nvd

Published

2024-10-14 09:15

Modified

2025-01-17 08:15

Severity ?

9.4 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Summary

References

▶	URL	Tags
	psirt@moxa.com	https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances
	psirt@moxa.com	https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241156-cve-2024-9137-missing-authentication-vulnerability-in-ethernet-switches

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise."
    },
    {
      "lang": "es",
      "value": "El producto afectado carece de una comprobaci\u00f3n de autenticaci\u00f3n al enviar comandos al servidor a trav\u00e9s del servicio Moxa. Esta vulnerabilidad permite a un atacante ejecutar comandos espec\u00edficos, lo que puede provocar descargas o cargas no autorizadas de archivos de configuraci\u00f3n y comprometer el sistema."
    }
  ],
  "id": "CVE-2024-9137",
  "lastModified": "2025-01-17T08:15:24.690",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.4,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.5,
        "source": "psirt@moxa.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "LOW",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "psirt@moxa.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-10-14T09:15:04.403",
  "references": [
    {
      "source": "psirt@moxa.com",
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances"
    },
    {
      "source": "psirt@moxa.com",
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241156-cve-2024-9137-missing-authentication-vulnerability-in-ethernet-switches"
    }
  ],
  "sourceIdentifier": "psirt@moxa.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "psirt@moxa.com",
      "type": "Secondary"
    }
  ]
}

wid-sec-w-2024-3154

Vulnerability from csaf_certbund

Published

2024-10-13 22:00

Modified

2025-02-19 23:00

Summary

Moxa Router: Mehrere Schwachstellen ermöglichen Dateimanipulation und Codeausführung

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Moxa Router sind Router für industrielle Anwendungen die darauf ausgelegt sind, in anspruchsvollen Umgebungen zuverlässige und sichere Netzwerkkonnektivität zu bieten.

Angriff

Ein entfernter anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Moxa Router ausnutzen, um Dateien zu manipulieren und beliebigen Code auszuführen.

Betroffene Betriebssysteme

- Appliance - Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Moxa Router sind Router f\u00fcr industrielle Anwendungen die darauf ausgelegt sind, in anspruchsvollen Umgebungen zuverl\u00e4ssige und sichere Netzwerkkonnektivit\u00e4t zu bieten.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Moxa Router ausnutzen, um Dateien zu manipulieren und beliebigen Code auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Appliance\n- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-3154 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3154.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-3154 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3154"
      },
      {
        "category": "external",
        "summary": "Moxa Security Advisories vom 2024-10-13",
        "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances"
      },
      {
        "category": "external",
        "summary": "Moxa Security Advisory MPSA-241156 vom 2025-01-17",
        "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241156-cve-2024-9137-missing-authentication-vulnerability-in-ethernet-switches"
      },
      {
        "category": "external",
        "summary": "Moxa Security Advisory MPSA-240933 vom 2025-02-20",
        "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240933-cve-2024-9404-denial-of-service-vulnerability-identified-in-multiple-pt-switches"
      }
    ],
    "source_lang": "en-US",
    "title": "Moxa Router: Mehrere Schwachstellen erm\u00f6glichen Dateimanipulation und Codeausf\u00fchrung",
    "tracking": {
      "current_release_date": "2025-02-19T23:00:00.000+00:00",
      "generator": {
        "date": "2025-02-20T09:07:47.644+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2024-3154",
      "initial_release_date": "2024-10-13T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-10-13T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-01-16T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von moxa aufgenommen"
        },
        {
          "date": "2025-02-19T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von moxa aufgenommen"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "EDR-8010 Series \u003c3.13",
                "product": {
                  "name": "Moxa Router EDR-8010 Series \u003c3.13",
                  "product_id": "T038295"
                }
              },
              {
                "category": "product_version",
                "name": "EDR-8010 Series 3.13",
                "product": {
                  "name": "Moxa Router EDR-8010 Series 3.13",
                  "product_id": "T038295-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:moxa:router:edr-8010_series__3.13"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "EDR-G9004 Seires \u003c3.13",
                "product": {
                  "name": "Moxa Router EDR-G9004 Seires \u003c3.13",
                  "product_id": "T038296"
                }
              },
              {
                "category": "product_version",
                "name": "EDR-G9004 Seires 3.13",
                "product": {
                  "name": "Moxa Router EDR-G9004 Seires 3.13",
                  "product_id": "T038296-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:moxa:router:edr-g9004_seires__3.13"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "EDR-G9010 Series \u003c3.13",
                "product": {
                  "name": "Moxa Router EDR-G9010 Series \u003c3.13",
                  "product_id": "T038297"
                }
              },
              {
                "category": "product_version",
                "name": "EDR-G9010 Series 3.13",
                "product": {
                  "name": "Moxa Router EDR-G9010 Series 3.13",
                  "product_id": "T038297-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:moxa:router:edr-g9010_series__3.13"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "NAT-102 Series",
                "product": {
                  "name": "Moxa Router NAT-102 Series",
                  "product_id": "T038298",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:moxa:router:nat-102_series"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "TN-4900 Series \u003c3.13",
                "product": {
                  "name": "Moxa Router TN-4900 Series \u003c3.13",
                  "product_id": "T038299"
                }
              },
              {
                "category": "product_version",
                "name": "TN-4900 Series 3.13",
                "product": {
                  "name": "Moxa Router TN-4900 Series 3.13",
                  "product_id": "T038299-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:moxa:router:tn-4900_series__3.13"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "OnCell G4302-LTE4 Series \u003c3.13",
                "product": {
                  "name": "Moxa Router OnCell G4302-LTE4 Series \u003c3.13",
                  "product_id": "T038300"
                }
              },
              {
                "category": "product_version",
                "name": "OnCell G4302-LTE4 Series 3.13",
                "product": {
                  "name": "Moxa Router OnCell G4302-LTE4 Series 3.13",
                  "product_id": "T038300-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:moxa:router:oncell_g4302-lte4_series__3.13"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Router"
          },
          {
            "category": "product_name",
            "name": "Moxa Switch",
            "product": {
              "name": "Moxa Switch",
              "product_id": "T039277",
              "product_identification_helper": {
                "cpe": "cpe:/h:moxa:switch:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Moxa"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-9137",
      "product_status": {
        "known_affected": [
          "T038295",
          "T038296",
          "T038297",
          "T038298",
          "T039277",
          "T038299",
          "T038300"
        ]
      },
      "release_date": "2024-10-13T22:00:00.000+00:00",
      "title": "CVE-2024-9137"
    },
    {
      "cve": "CVE-2024-9139",
      "product_status": {
        "known_affected": [
          "T038295",
          "T038296",
          "T038297",
          "T038298",
          "T039277",
          "T038299"
        ]
      },
      "release_date": "2024-10-13T22:00:00.000+00:00",
      "title": "CVE-2024-9139"
    }
  ]
}

ncsc-2024-0407

Vulnerability from csaf_ncscnl

Published

2024-10-14 12:14

Modified

2024-10-14 12:14

Summary

Kwetsbaarheden verholpen in Moxa systemen

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten

Moxa heeft kwetsbaarheden verholpen in diverse netwerkcomponenten.

Interpretaties

Een kwaadwillende kan de kwetsbaarheden misbruiken om configuraties aan te passen en willekeurige code uit te voeren op het kwetsbare systeem.

Oplossingen

Moxa heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans

medium

Schade

high

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-306

Missing Authentication for Critical Function

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Moxa heeft kwetsbaarheden verholpen in diverse netwerkcomponenten.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om configuraties aan te passen en willekeurige code uit te voeren op het kwetsbare systeem.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Moxa heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
        "title": "CWE-78"
      },
      {
        "category": "general",
        "text": "Missing Authentication for Critical Function",
        "title": "CWE-306"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference - cveprojectv5; nvd",
        "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Moxa systemen",
    "tracking": {
      "current_release_date": "2024-10-14T12:14:38.572540Z",
      "id": "NCSC-2024-0407",
      "initial_release_date": "2024-10-14T12:14:38.572540Z",
      "revision_history": [
        {
          "date": "2024-10-14T12:14:38.572540Z",
          "number": "0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "edf-g1002-bp_series",
            "product": {
              "name": "edf-g1002-bp_series",
              "product_id": "CSAFPID-1671666",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:moxa:edf-g1002-bp_series:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "edr-8010_series",
            "product": {
              "name": "edr-8010_series",
              "product_id": "CSAFPID-1671663",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:moxa:edr-8010_series:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "edr-g9004_series",
            "product": {
              "name": "edr-g9004_series",
              "product_id": "CSAFPID-1671664",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:moxa:edr-g9004_series:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "edr-g9010_series",
            "product": {
              "name": "edr-g9010_series",
              "product_id": "CSAFPID-1671665",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:moxa:edr-g9010_series:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "nat-102_series",
            "product": {
              "name": "nat-102_series",
              "product_id": "CSAFPID-1671667",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:moxa:nat-102_series:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "oncell_g4302-lte4_series",
            "product": {
              "name": "oncell_g4302-lte4_series",
              "product_id": "CSAFPID-1671668",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:moxa:oncell_g4302-lte4_series:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "tn-4900_series",
            "product": {
              "name": "tn-4900_series",
              "product_id": "CSAFPID-1671669",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:moxa:tn-4900_series:0:*:*:*:*:*:*:*"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "moxa"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-9137",
      "cwe": {
        "id": "CWE-306",
        "name": "Missing Authentication for Critical Function"
      },
      "notes": [
        {
          "category": "other",
          "text": "Missing Authentication for Critical Function",
          "title": "CWE-306"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1671663",
          "CSAFPID-1671664",
          "CSAFPID-1671665",
          "CSAFPID-1671666",
          "CSAFPID-1671667",
          "CSAFPID-1671668",
          "CSAFPID-1671669"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-9137",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-9137.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1671663",
            "CSAFPID-1671664",
            "CSAFPID-1671665",
            "CSAFPID-1671666",
            "CSAFPID-1671667",
            "CSAFPID-1671668",
            "CSAFPID-1671669"
          ]
        }
      ],
      "title": "CVE-2024-9137"
    },
    {
      "cve": "CVE-2024-9139",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
          "title": "CWE-78"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1671663",
          "CSAFPID-1671664",
          "CSAFPID-1671665",
          "CSAFPID-1671666",
          "CSAFPID-1671667",
          "CSAFPID-1671668",
          "CSAFPID-1671669"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-9139",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-9139.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1671663",
            "CSAFPID-1671664",
            "CSAFPID-1671665",
            "CSAFPID-1671666",
            "CSAFPID-1671667",
            "CSAFPID-1671668",
            "CSAFPID-1671669"
          ]
        }
      ],
      "title": "CVE-2024-9139"
    }
  ]
}

ghsa-c5hh-282x-jrgh

Vulnerability from github

Published

2024-10-14 09:30

Modified

2025-01-17 09:30

Severity ?

9.4 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
8.8 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-9137"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-14T09:15:04Z",
    "severity": "HIGH"
  },
  "details": "The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise.",
  "id": "GHSA-c5hh-282x-jrgh",
  "modified": "2025-01-17T09:30:38Z",
  "published": "2024-10-14T09:30:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9137"
    },
    {
      "type": "WEB",
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances"
    },
    {
      "type": "WEB",
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241156-cve-2024-9137-missing-authentication-vulnerability-in-ethernet-switches"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2024-9137 (GCVE-0-2024-9137)

Vulnerability from cvelistv5

fkie_cve-2024-9137

Vulnerability from fkie_nvd

wid-sec-w-2024-3154

Vulnerability from csaf_certbund

ncsc-2024-0407

Vulnerability from csaf_ncscnl

ghsa-c5hh-282x-jrgh

Vulnerability from github

Tags

Sightings

Nomenclature