AIG-301 Series Azure uAMQP Vulnerabilities

Moxa Security Advisory

The AIG-301 Series prior to version 1.5 is affected by multiple Azure uAMQP vulnerabilities. Successful exploitation of these vulnerabilities could lead to remote code execution.

The identified vulnerability types and potential impacts are shown below:

| Item | Vulnerability Type | Impact |
|------|--------------------|--------|
| 1 | Double free (CWE-415); CVE-2024-27099 | An attacker can process an incorrect `AMQP_VALUE` failed state that may cause a double free problem. This may cause an RCE. |
| 2 | Improper Control of Generation of Code (‘Code Injection’) (CWE-97); CVE-2024-25110 | An attacker can trigger a use-after-free issue that may cause remote code execution. |
| 3 | Improper Control of Generation of Code (‘Code Injection’) (CWE-97); CVE-2024-21646 | An attacker may craft binary type data. An integer overflow or wraparound, or a memory safety issue, can occur and may cause remote code execution. |

Vulnerability Scoring Details 

| ID | CVSS | Vector | Severity | Remote Exploit without Auth? |
|----|------|--------|----------|------------------------------|
| CVE-2024-27099 | 9.8 | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Critical | Yes |
| CVE-2024-25110 | 9.8 | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Critical | Yes |
| CVE-2024-21646 | 9.8 | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Critical | Yes |
