The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise.
History

Tue, 15 Oct 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Moxa
Moxa edf-g1002-bp
Moxa edr-8010
Moxa edr-g9004
Moxa edr-g9010
Moxa nat-102
Moxa oncell G4302-lte4
Moxa tn-4900
CPEs cpe:2.3:a:moxa:edf-g1002-bp:*:*:*:*:*:*:*:*
cpe:2.3:a:moxa:edr-8010:*:*:*:*:*:*:*:*
cpe:2.3:a:moxa:edr-g9004:*:*:*:*:*:*:*:*
cpe:2.3:a:moxa:edr-g9010:*:*:*:*:*:*:*:*
cpe:2.3:a:moxa:nat-102:*:*:*:*:*:*:*:*
cpe:2.3:a:moxa:oncell_g4302-lte4:*:*:*:*:*:*:*:*
cpe:2.3:a:moxa:tn-4900:*:*:*:*:*:*:*:*
Vendors & Products Moxa
Moxa edf-g1002-bp
Moxa edr-8010
Moxa edr-g9004
Moxa edr-g9010
Moxa nat-102
Moxa oncell G4302-lte4
Moxa tn-4900
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 14 Oct 2024 08:30:00 +0000

Type Values Removed Values Added
Description The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise.
Title Moxa Service Missing Authentication for Critical Function
Weaknesses CWE-306
References
Metrics cvssV3_1

{'score': 9.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H'}

cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Moxa

Published: 2024-10-14T08:09:22.689Z

Updated: 2024-10-15T14:32:26.853Z

Reserved: 2024-09-24T07:11:35.456Z

Link: CVE-2024-9137

cve-icon Vulnrichment

Updated: 2024-10-15T14:32:04.043Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-10-14T09:15:04.403

Modified: 2024-10-15T12:57:46.880

Link: CVE-2024-9137

cve-icon Redhat

No data.