Moxa has issued a high-severity security advisory for a newly discovered vulnerabilityβCVE-2024-9404βthat affects its widely deployed PT-G7728 and PT-G7828 industrial Ethernet switches. This flaw could allow attackers to remotely crash or cold start the system, resulting in a denial-of-service (DoS) condition.
βDue to insufficient input validation, this service can be exploited to trigger a cold start or denial-of-service condition,β Moxa warns in its advisory.
The vulnerability exists in the moxa_cmd service, a deployment-focused feature that, when left exposed, becomes a potential vector for remote abuse. By sending specially crafted packets, unauthenticated attackers can crash the service or force a device rebootβinterrupting mission-critical operations in environments such as transportation, energy, or manufacturing.
βIf exposed to public networks, the vulnerability poses a significant remote threat, potentially allowing attackers to shut down affected systems,β Moxa emphasizes.
Moxa recommends the following actions to protect affected systems:
| Product Series | Firmware Versions Impacted |
|---|---|
| PT-G7728 Series | 6.5 and earlier |
| PT-G7828 Series | 6.5 and earlier |
Recommendations:
Security patches are available via Moxa Technical SupportUsers should contact Moxa directly to obtain the latest firmwareInterim Mitigation:
Disable the βMoxa Serviceβ and βMoxa Service (Encrypted)β if not in active useLimit external access to Moxa devices via firewall rules or segmentation