Moxa SoftCMS Live Viewer

Act Now9.8ICS-CERT ICSA-17-243-05Aug 31, 2017

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

SoftCMS Live Viewer versions 1.6 and earlier contain a SQL injection vulnerability (CWE-89) in its input validation. The application fails to properly sanitize user-supplied input before passing it to database queries, allowing an attacker to inject arbitrary SQL commands over the network without authentication. This could result in unauthorized access to the monitoring database, modification of operational parameters, or exfiltration of sensitive configuration data.

What this means

What could happen

An attacker on the network could inject malicious SQL commands into SoftCMS Live Viewer, potentially gaining unauthorized access to the monitoring system's database and altering or exfiltrating operational data.

Who's at risk

Water authorities and municipal utilities using Moxa SoftCMS Live Viewer for SCADA system monitoring and operational visibility. The vulnerability affects the monitoring application itself, which is typically deployed on engineering workstations or control center servers.

How it could be exploited

An attacker sends a crafted network request containing SQL injection payloads to the SoftCMS Live Viewer application. The application passes unsanitized user input directly to the database query without validation. The attacker can then query, modify, or delete data in the monitoring system's database.

Prerequisites

Network access to the SoftCMS Live Viewer application port
No authentication required

Remotely exploitableNo authentication requiredLow complexitySQL injectionCritical severity (CVSS 9.8)No patch available for versions 1.6 and earlier

Exploitability

Low exploit probability (EPSS 0.2%)

Affected products (1)

ProductAffected VersionsFix Status

SoftCMS Live Viewer:≤ 1.6Version 1.7

Remediation & Mitigation

0/2

Do now

0/1

WORKAROUNDIf updating is not immediately possible, isolate the SoftCMS Live Viewer system to a restricted network segment and limit network access using firewall rules to only authorized monitoring stations

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate SoftCMS Live Viewer to version 1.7 or later

CVEs (1)

CVE-2017-12729

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/f2383664-769a-4025-aff0-ebc3931d00c1