SC Media reports that updates have been issued by industrial networking provider Moxa — which counts Microsoft, Verizon, Siemens, and KPMG among its leading customers — to address a pair of security flaws impacting its secure routers, cellular routers, and network security appliances.
The more severe of the patched vulnerabilities is the critical CVE-2024-9140 bug, which attackers could exploit for remote code execution, while the other high-severity flaw, tracked as CVE-2024-9138, could get leveraged to allow privilege escalation and root-level system access, according to Moxa.
Moxa's devices are commonly used in critical infrastructure sectors, so security researchers advise teams to patch immediately.
"Affected Moxa devices are normally found installed in critical industries such as transportation, utilities and energy, and telecommunications," said Mayuresh Dani, manager of security research at Qualys. "If a threat actor were to compromise Moxa's cellular routers, secure routers, or network security appliances, it would allow unabated access to internal networks and data, compromising all communications."
