Moxa MXview
Monitor | 7.8 | ICS-CERT ICSA-18-011-02 | Jan 11, 2018
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
MXview v2.8 and prior contain a local code execution vulnerability (CWE-428) exploitable by users with local access to the MXview host. Successful exploitation allows an attacker to execute arbitrary code with MXview user privileges, potentially compromising the monitoring and control of all Moxa industrial devices managed by that instance.
What this means
What could happen
An attacker with local access to the MXview host can execute arbitrary code with the privileges of the MXview user, potentially compromising the entire monitoring and control system for Moxa industrial devices across your network.
Who's at risk
Plant engineers and operations staff managing Moxa industrial devices (Ethernet switches, wireless access points, serial device servers, cellular gateways) through the MXview centralized management platform. This affects any facility using MXview for remote monitoring and configuration of Moxa hardware on control networks.
How it could be exploited
An attacker with user-level access to the machine running MXview can exploit this vulnerability to run arbitrary commands. Because MXview is typically a Windows application managing multiple industrial devices, successful exploitation gives the attacker a foothold to monitor or alter your networked device configurations and communications.
Prerequisites
- Local user account access to the MXview host
- MXview version 2.8 or earlier installed
- User-level privileges on the host machine
low complexity | requires local access | affects centralized management system | no patch available
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
MXview: v2.8 and prior | ≤ 2.8 | No fix (EOL)
Remediation & Mitigation
Do now
- HARDENING: Restrict local access to the MXview host to authorized engineering and IT staff only
- HARDENING: Implement host-level access controls and monitor local user accounts on the MXview machine for unauthorized additions
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Upgrade MXview to a version newer than 2.8 if a patched version becomes available from Moxa
Mitigations - no patch available
MXview: v2.8 and prior has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Isolate the MXview management server on a dedicated network segment separate from production process networks
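
CWE-428 is the "Unquoted Search Path or Element" weakness class. The read-only PowerShell audit below is an added example, not code from the advisory or from Moxa. It assumes the unquoted path is a Windows service image path (the page does not say which path is affected); the function name Test-UnquotedServicePath and the sample paths are constructed for illustration.

```powershell
# Added example: read-only audit for CWE-428 (unquoted search path) in
# Windows service image paths. Makes no changes to the host.
function Test-UnquotedServicePath {
    param([Parameter(Mandatory)][string]$PathName)

    $p = $PathName.Trim()
    if ($p.StartsWith('"')) { return $false }               # executable path is quoted
    # Take everything up to the first ".exe" that ends a token; the rest is arguments.
    if ($p -notmatch '^(.+?\.exe)(\s|$)') { return $false } # not a plain .exe path, skip
    # A space inside the unquoted executable path leaves it ambiguous where
    # the program name ends and its arguments begin.
    return $Matches[1].Contains(' ')
}

# Constructed sample values (not MXview's real paths) showing each outcome.
$samples = @(
    'C:\Program Files\Example Vendor\Example Service\svc.exe -run',    # flagged
    '"C:\Program Files\Example Vendor\Example Service\svc.exe" -run',  # quoted, not flagged
    'C:\Windows\System32\svchost.exe -k netsvcs'                       # no space, not flagged
)
foreach ($s in $samples) {
    '{0,-5} {1}' -f (Test-UnquotedServicePath $s), $s
}

# Live audit of the local host: list every service whose image path is
# unquoted and contains a space, with the account it runs as.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -and (Test-UnquotedServicePath $_.PathName) } |
    Sort-Object Name |
    Select-Object Name, State, StartMode, StartName, PathName |
    Format-Table -AutoSize -Wrap
```

Services listed by the live audit on the MXview host are the ones to prioritise for the local access restrictions above.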
CVEs (1)