OTPulse
FeedAboutContact

Moxa SoftNVR-IA Live Viewer

Plan Patch7.2ICS-CERT ICSA-17-220-02Aug 8, 2017
Attack VectorLocal
Auth RequiredHigh
ComplexityHigh
User InteractionRequired
Summary

Moxa SoftNVR-IA Live Viewer versions 3.30.3122 and earlier contain a vulnerability (CWE-427) that could allow an attacker with local or adjacent network access and high-privilege credentials to execute arbitrary code on the workstation running the application. The vulnerability requires user interaction to exploit. Affected versions are those up to and including 3.30.3122.

What this means
What could happen
An attacker with physical or local network access to a machine running SoftNVR-IA Live Viewer could execute arbitrary code with high privileges, potentially compromising video surveillance systems and gaining access to recorded footage or the network infrastructure the NVR is connected to.
Who's at risk
Water and electric utilities using Moxa SoftNVR-IA Live Viewer for video surveillance of critical infrastructure sites, remote facilities, and control room monitoring. Particularly relevant for organizations relying on network video recorders for physical security and facility monitoring.
How it could be exploited
The vulnerability is triggered through a local attack vector requiring high privilege access and user interaction. An attacker would need to already have local system access or be able to interact with a privileged user on the workstation running SoftNVR-IA Live Viewer, then trigger the vulnerability through a specific action (such as opening a malicious file or configuration) to execute code with system privileges.
Prerequisites
  • Local or adjacent network access to the workstation running SoftNVR-IA Live Viewer
  • High-privilege credentials or ability to interact with a user running the application
  • User action required (e.g., opening a file or accepting a dialog)
Affects surveillance systemsRequires high privilege and user interactionLow to moderate exploit probability
Exploitability
Low exploit probability (EPSS 0.7%)
Affected products (1)
ProductAffected VersionsFix Status
SoftNVR-IA Live Viewer:≤ 3.30.31223.4
Remediation & Mitigation
0/3
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate SoftNVR-IA Live Viewer to Version 3.4 or later
Long-term hardening
0/2
HARDENINGRestrict physical and network access to workstations running SoftNVR-IA Live Viewer to authorized personnel only
HARDENINGImplement endpoint protection and user access controls to limit who can execute applications and modify system settings on NVR workstations
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/ab061605-e18c-4be4-a4e2-76104c954fca