Encircle News!

Retro Game Arcade
, , ,

Industrial networks exposed to attack by faulty Moxa devices

Latest from TechRadar US in News,opinion

  • Moxa found two flaws affecting cellular router models, secure routers, and network security equipment
  • One of the bugs was deemed critical since it allowed for RCE
  • Patches are already available, so update now

Moxa, a global powerhouse in industrial networking, computing, and communications gear, has recently addressed two vulnerabilities impacting different cellular router models, secure routers, and network security gear.

Since one of the vulnerabilities is deemed critical, and can be abused remotely to devastating effect, Moxa urged its users to apply the fixes immediately.

In a security advisory, Moxa said it released patches for CVE-2024-9138, and CVE-2024-9140. The first one is due to hardcoded credentials, allowing threat actors to elevate privileges and gain root-level access. It was granted a severity score of 8.6, and was said to affect ten models. Those include EDR-810 Series, EDR-8010 Series, and EDR-G902 Series.

Moxa devices targeted

The second vulnerability is more severe, allowing threat actors to exploit special characters to bypass input restrictions. As a result, they could be allowed to run arbitrary commands remotely which, in turn, could lead to full device takeover.

This bug was given a severity score of 9.8 (critical), and was said to affect a somewhat smaller list of devices. Among others, it includes EDR-G9004 Series, EDR-G9010 Series, and EDF-G1002-BP Series.

Moxa released different patches for different models and firmware versions, and added that the MRC-1002 Series, TN-5900 Series, and OnCell 3120-LTE-1 Series endpoints were not vulnerable to either bug.

It also offered a set of mitigations for those unable to apply the patch immediately. These include:

  • Minimizing network exposure to ensure the device is not accessible from the Internet.
  • Limiting SSH access to trusted IP addresses and networks using firewall rules or TCP wrappers.
  • Implementing IDS or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. “These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks,” the company said.

The entire list of affected endpoints can be found on this link.

You might also like

https://www.techradar.com/pro/security/industrial-networks-exposed-to-attack-by-faulty-moxa-devices

Leave a Reply

Your email address will not be published. Required fields are marked *

Follow Us

Featured Posts

January 2025
M T W T F S S
 12345
6789101112
13141516171819
20212223242526
2728293031  

About Us

Welcome to encircle News! We are a cutting-edge technology news company that is dedicated to bringing you the latest and greatest in everything tech. From automobiles to drones, software to hardware, we’ve got you covered.

At encircle News, we believe that technology is more than just a tool, it’s a way of life. And we’re here to help you stay on top of all the latest trends and developments in this ever-evolving field. We know that technology is constantly changing, and that can be overwhelming, but we’re here to make it easy for you to keep up.

We’re a team of tech enthusiasts who are passionate about everything tech and love to share our knowledge with others. We believe that technology should be accessible to everyone, and we’re here to make sure it is. Our mission is to provide you with fun, engaging, and informative content that helps you to understand and embrace the latest technologies.

From the newest cars on the road to the latest drones taking to the skies, we’ve got you covered. We also dive deep into the world of software and hardware, bringing you the latest updates on everything from operating systems to processors.

So whether you’re a tech enthusiast, a business professional, or just someone who wants to stay up-to-date on the latest advancements in technology, encircle News is the place for you. Join us on this exciting journey and be a part of shaping the future.

Podcasts

TWiT 1013: Calamari in Crisis – Touching the Sun, Fake Spotify Artists, Banished Words This Week in Tech (Audio)

Touching the Sun, Fake Spotify Artists, Banished Words AI Needs So Much Power, It's Making Yours Worse How many billions Big Tech spent on AI data centers in 2024 NASA Spacecraft 'Touches Sun' In Defining Moment For Humankind Elon Musk Calls Out NASA's Moon Ambitions: 'We're Going Straight to Mars' Elon Musk and the right's war on Wikipedia Trump Asks Supreme Court to Pause Law Threatening TikTok Ban US Treasury says Chinese hackers stole documents in 'major incident' Judge blocks parts of California bid to protect kids from social media Finland probes Russian shadow fleet oil tanker after cable-cutting incident US appeals court blocks Biden administration effort to restore net-neutrality rules The Ghosts in the Machine (fake spotify artists) Massive VW Data Leak Exposed 800,000 EV Owners' Movements, From Homes To Brothels Banished Words | Lake Superior State University 2025 Public Domain Day 2025 Happy Birthday, Bitcoin! The top cryptocurrency is old enough to drive End of the lines? QR-style codes could replace barcodes 'within two years' Host: Leo Laporte Guests: Richard Campbell, Anthony Ha, and Stacey Higginbotham Download or subscribe to This Week in Tech at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: ZipRecruiter.com/Twit joindeleteme.com/twit promo code TWIT canary.tools/twit – use code: TWIT zscaler.com/security
  1. TWiT 1013: Calamari in Crisis – Touching the Sun, Fake Spotify Artists, Banished Words
  2. TWiT 1012: Our Best Of 2024 – The Best Moments From TWiT's 2024
  3. TWiT 1011: The Year in Review – A Look at the Top Stories of 2024
  4. TWiT 1010: The Densest State in the US – TikTok Ban, Drones Over Jersey, GM Quits Robotaxis
  5. TWiT 1009: Andy Giveth & Bill Taketh Away – Trump's Tech Titans, Crypto Boom, TikTok's US Ban, Intel CEO Exits