OTPulse

Moxa MXview Network Management Software

Act Now | 10 | ICS-CERT ICSA-21-278-03 | Oct 5, 2021
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

MXview Network Management Software versions 3.x through 3.2.2 contain multiple critical vulnerabilities: path traversal (CWE-22) allowing attackers to read/write arbitrary files, hardcoded credentials (CWE-259) for authentication bypass, unsafe template processing (CWE-74) for code injection, and insufficient access controls (CWE-284). These can be exploited remotely without authentication to execute code, steal credentials, disable the software, modify device configurations, or gain unauthorized MQTT access to internal communication channels.

What this means
What could happen
An attacker could execute arbitrary code, steal credentials, disable the management software, or remotely access MQTT channels and internal communications from the network—allowing control over monitored devices or shutdown of the network management capability itself.
Who's at risk
Water utilities and municipal electric systems using Moxa MXview for network management. Affects any organization managing Moxa industrial switches, gateways, or other network devices through the MXview management console. Critical for organizations relying on this platform for device configuration, monitoring, and remote management.
How it could be exploited
An attacker on the network can send crafted requests to MXview without authentication. The vulnerabilities allow path traversal (CWE-22) to read/write sensitive files, hardcoded credentials (CWE-259) for authentication bypass, and unsafe template injection (CWE-74) to achieve remote code execution. Once exploited, the attacker gains the ability to modify device configurations, intercept MQTT messages, or disable management functions.
Prerequisites
  • Network access to MXview management server (typically port 8080 or 8443)
  • No authentication required for exploitation
  • MXview version 3.2.2 or earlier running
Tags: remotely exploitable; no authentication required; low complexity; affects management/monitoring systems; high CVSS score (10.0)
Exploitability
Low exploit probability (EPSS 0.8%)
Affected products (1)
Product: MXview Network Management Software
Affected Versions: ≥ 3.x, ≤ 3.2.2
Fix Status: 3.2.4 or higher
Remediation & Mitigation
Do now
WORKAROUND: Block port 8883 with firewall rules to prevent remote MQTT access if multi-site management is not required
WORKAROUND: Configure firewall to restrict MXview access to authorized management IP addresses only
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade MXview to version 3.2.4 or higher
HARDENING: Implement Windows password policy requiring regular password changes for MXview server accounts
Long-term hardening
HARDENING: Isolate MXview management network from the internet and business network using a firewall or air gap
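
The two "Do now" workarounds expressed as Windows Defender Firewall rules on the MXview server. This is an added example, not taken from the Moxa or ICS-CERT advisory. It assumes MXview runs on a Windows host, that the console listens on the "typical" ports named under Prerequisites, and it uses constructed placeholder management addresses and a hypothetical rule group name.

```powershell
# Added example: run in an elevated PowerShell session on the MXview server.
# Assumptions: console ports are the advisory's "typical" values (confirm locally);
# the management addresses are constructed placeholders, replace with your own.
$MgmtAddresses = @('192.0.2.10', '192.0.2.11')   # constructed placeholder IPs
$WebPorts      = @('8080', '8443')
$MqttPort      = '8883'
$Group         = 'MXview ICSA-21-278-03'         # hypothetical rule group name

# Re-runnable: remove rules created by a previous run of this script.
Get-NetFirewallRule -Group $Group -ErrorAction SilentlyContinue | Remove-NetFirewallRule

# Workaround 1: block inbound MQTT (only if multi-site management is not required).
# A block rule takes precedence over any allow rule for the same traffic.
New-NetFirewallRule -DisplayName 'MXview block inbound MQTT' -Group $Group `
    -Direction Inbound -Action Block -Protocol TCP -LocalPort $MqttPort | Out-Null

# Workaround 2: allow the console ports only from authorized management hosts.
New-NetFirewallRule -DisplayName 'MXview console from mgmt only' -Group $Group `
    -Direction Inbound -Action Allow -Protocol TCP -LocalPort $WebPorts `
    -RemoteAddress $MgmtAddresses | Out-Null

# The scoped allow rule restricts nothing if a profile defaults to Allow.
Get-NetFirewallProfile |
    Where-Object { $_.DefaultInboundAction -eq 'Allow' } |
    ForEach-Object { Write-Warning "Profile $($_.Name) allows inbound by default" }

# Report other enabled allow rules that still open the console ports to any
# remote address (port ranges such as 8000-9000 are not expanded here).
$watch = $WebPorts + 'Any'
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object { $_.Group -ne $Group } |
    ForEach-Object {
        $rule = $_
        $port = $rule | Get-NetFirewallPortFilter
        $addr = $rule | Get-NetFirewallAddressFilter
        $hit  = $port.LocalPort | Where-Object { $_ -in $watch }
        if ($hit -and ($addr.RemoteAddress -contains 'Any')) {
            [pscustomobject]@{ Rule = $rule.DisplayName; Ports = $port.LocalPort -join ',' }
        }
    }
```

Any rule listed by the last step must be disabled or scoped to the management addresses, otherwise the console remains reachable from the rest of the network.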