Moxa SoftCMS Vulnerabilities
Act Now | 9.8 | ICS-CERT ICSA-16-322-02 | Aug 21, 2016
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Moxa SoftCMS versions prior to 1.6 contain multiple critical vulnerabilities in input validation (CWE-20), memory handling (CWE-415), and SQL injection (CWE-89). These flaws allow remote attackers to execute arbitrary code on the SoftCMS server without authentication. The vulnerability could enable unauthorized control of industrial processes, modification of control logic, or disruption of operations. No patch is available from Moxa.
What this means
What could happen
An attacker could execute arbitrary commands on the SoftCMS server or tamper with automation data, potentially disrupting critical plant processes, compromising data integrity, or causing unsafe operating conditions.
Who's at risk
Water utilities, electric utilities, and other critical infrastructure operators using Moxa SoftCMS for industrial automation, process monitoring, or supervisory control should assess their exposure. This affects organizations that rely on SoftCMS for managing remote terminal units (RTUs), distributed I/O, or SCADA data collection.
How it could be exploited
An attacker with network access to the SoftCMS application (typically port 80/443) could send a crafted request exploiting input validation flaws (CWE-20), memory corruption (CWE-415), or SQL injection (CWE-89) to gain remote code execution without needing valid credentials.
Prerequisites
- Network access to SoftCMS web interface (port 80 or 443)
- No authentication required
- Vulnerable version <1.6 deployed
Tags: remotely exploitable, no authentication required, low complexity, high EPSS score (29.7%), no patch available, affects automation and control systems
Exploitability
High exploit probability (EPSS 29.7%)
Affected products (1)
Product | Affected Versions | Fix Status
SoftCMS: <1.6 | <1.6 | No fix (EOL)
Remediation & Mitigation
Do now
- WORKAROUND: Implement firewall rules to restrict network access to SoftCMS to only authorized engineering workstations and control systems
- HARDENING: Isolate SoftCMS from the internet and untrusted networks using network segmentation or air-gapping
- HARDENING: Monitor network traffic to and from SoftCMS for suspicious activity or exploit attempts
Mitigations - no patch available
SoftCMS: <1.6 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Evaluate migration to a supported alternative or replacement automation platform