Moxa MXview
Plan Patch · 7.5 · ICS-CERT ICSA-18-095-02 · Apr 5, 2018
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
MXview versions 2.8 and earlier are vulnerable to information disclosure allowing remote attackers to read cryptographic private keys without authentication. These keys are used to secure communications and device management within the industrial network. Moxa has released version 2.9 to address this vulnerability.
What this means
What could happen
An attacker could read the private cryptographic keys stored on MXview, which could allow them to impersonate the management server or decrypt sensitive communications within your network infrastructure.
Who's at risk
Organizations running Moxa MXview industrial management software should be concerned. This affects any facility using MXview to manage distributed industrial devices (remote I/O, industrial gateways, and other Moxa equipment) in water systems, power generation, or manufacturing environments. MXview is typically deployed as a centralized management console in a control system network.
How it could be exploited
An attacker with network access to MXview (TCP port 443 or management port) can retrieve the private keys without authentication due to the information disclosure vulnerability. The attacker could then use these keys to impersonate the system or decrypt traffic.
Prerequisites
- Network access to MXview management port (typically 443 or 8080)
- MXview version 2.8 or earlier
remotely exploitable, no authentication required, low complexity, cryptographic key exposure, management system compromise
Exploitability
Moderate exploit probability (EPSS 1.1%)
Affected products (1)
Product | Affected Versions | Fix Status
MXview | ≤ 2.8 | 2.9
Remediation & Mitigation
Do now
- WORKAROUND: Restrict network access to MXview to trusted management networks only using firewall rules
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Upgrade MXview to version 2.9 or later
- HARDENING: Isolate the management network running MXview from your business network and the internet
Long-term hardening
- HARDENING: Implement VPN for any required remote access to MXview
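A triage check for the steps above, added here as an example and not part of the advisory or of Moxa's tooling: it flags inventory entries below the fixed release 2.9 and firewall allow rules on ports 443/8080 whose source lies outside the trusted management networks. The inventory, host names, addresses and rule format are constructed, and treating every build numbered below 2.9 as affected is an assumption.

```python
import ipaddress

FIXED = (2, 9)            # advisory: fixed in MXview 2.9
MGMT_PORTS = {443, 8080}  # ports the advisory lists as typical

def parse_version(text):
    # Numeric tuples, so "2.10" sorts after "2.9" (a string compare gets this wrong).
    return tuple(int(part) for part in text.strip().split("."))

def is_vulnerable(version):
    # Assumption: any build numbered below the fixed release counts as affected.
    return parse_version(version) < FIXED

def untrusted_sources(allow_rules, trusted):
    """Return allow rules on management ports whose source is outside every trusted network."""
    trusted_nets = [ipaddress.ip_network(t) for t in trusted]
    findings = []
    for src, port in allow_rules:
        if port not in MGMT_PORTS:
            continue
        net = ipaddress.ip_network(src, strict=False)
        inside = any(net.version == t.version and net.subnet_of(t) for t in trusted_nets)
        if not inside:
            findings.append((src, port))
    return findings

# Key: (below fixed release?, management port reachable from an untrusted source?)
ACTIONS = {(True, True): "RESTRICT_NOW_THEN_UPGRADE", (True, False): "SCHEDULE_UPGRADE",
           (False, True): "TIGHTEN_FIREWALL", (False, False): "OK"}

def triage(hosts, trusted):
    return {h["name"]: ACTIONS[(is_vulnerable(h["version"]),
                                bool(untrusted_sources(h["allow"], trusted)))]
            for h in hosts}

# Constructed sample data: hypothetical hosts, versions and firewall allow rules.
TRUSTED_MGMT = ["10.20.0.0/24"]
INVENTORY = [
    {"name": "mxview-a", "version": "2.8", "allow": [("0.0.0.0/0", 443)]},
    {"name": "mxview-b", "version": "2.7.1", "allow": [("10.20.0.0/28", 443)]},
    {"name": "mxview-c", "version": "2.10", "allow": [("10.30.0.0/16", 8080)]},
    {"name": "mxview-d", "version": "2.9", "allow": [("10.20.0.0/24", 443)]},
]

if __name__ == "__main__":
    for name, action in triage(INVENTORY, TRUSTED_MGMT).items():
        print(f"{name}: {action}")
```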
CVEs (1)