Moxa SoftCMS Buffer Overflow Vulnerability
Low RiskICS-CERT ICSA-15-153-02Mar 5, 2015
Summary
A stack-based buffer overflow vulnerability exists in Moxa SoftCMS version 1.2 and earlier (CWE-121). The vulnerability could allow remote code execution on affected systems. No patch is available from the vendor.
What this means
What could happen
A buffer overflow in Moxa SoftCMS could allow an attacker to execute arbitrary code on the server, potentially disrupting supervisory control and data acquisition (SCADA) operations or allowing modification of process data.
Who's at risk
Water utilities, electric utilities, and other critical infrastructure operators using Moxa SoftCMS for SCADA supervisory control should prioritize this. SoftCMS is used for data acquisition and monitoring in automated control systems.
How it could be exploited
An attacker with network access to the SoftCMS server would send a specially crafted message to trigger a buffer overflow condition. This could overwrite adjacent memory and allow execution of arbitrary commands on the affected system.
Prerequisites
- Network access to the SoftCMS server
- SoftCMS version 1.2 or earlier running
remotely exploitableno patch availablebuffer overflow leading to code execution
Exploitability
Moderate exploit probability (EPSS 3.6%)
Affected products (1)
ProductAffected VersionsFix Status
SoftCMS: <=1.2≤ 1.2No fix (EOL)
Remediation & Mitigation
0/3
Do now
0/1HARDENINGIsolate or restrict network access to SoftCMS servers using firewall rules; only allow connections from authorized engineering workstations and SCADA networks
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
HARDENINGMonitor SoftCMS server logs for suspicious connection attempts or buffer overflow indicators
Mitigations - no patch available
0/1SoftCMS: <=1.2 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGImplement network segmentation to prevent untrusted networks from reaching SoftCMS systems
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/6896b4f1-60b0-4be8-b878-6e63975635ac