OTPulse

Moxa MXview One

Monitor | CVSS 6.5 | ICS-CERT ICSA-24-268-05 | Sep 24, 2024
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

MXview One is a network management and monitoring platform for Moxa industrial networking devices. Versions 1.4.0 and earlier of MXview One Series, and version 1.0.0 of MXview One Central Manager Series, contain vulnerabilities that allow authenticated attackers to expose local credentials and write arbitrary files to the system, potentially enabling malicious code execution.

What this means
What could happen
An authenticated user on your management network could steal stored credentials for your industrial devices or upload malicious code to the MXview One server, potentially giving them control over monitored network infrastructure or access to other systems that MXview manages.
Who's at risk
System administrators and network operators at water utilities, electrical substations, and other industrial facilities using Moxa MXview One for management of network switches, gateways, and industrial routers. Also affects organizations using MXview One Central Manager for centralized management of multiple Moxa devices across distributed sites.
How it could be exploited
An attacker with valid login credentials to the MXview One management interface could exploit path traversal or insecure file handling vulnerabilities to read sensitive files containing credentials or write arbitrary files to the system. This could lead to unauthorized access to other Moxa devices on the network or remote code execution on the management server itself.
Prerequisites
  • Valid login credentials for MXview One management interface (username and password)
  • Network access to the MXview One management port (typically web interface on port 80/443)
  • MXview One server reachable from attacker's network location
  • Remotely exploitable
  • Requires valid credentials (reduces but does not eliminate risk)
  • Low complexity attack
  • Affects network management/visibility systems (not direct device control, but could enable further compromise)
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
MXview One Series | ≤ 1.4.0 | 1.4.1
MXview One Central Manager Series | 1.0.0 | 1.0.3
Remediation & Mitigation
Do now
HARDENING: Change default credentials immediately upon first login or deployment of MXview One
WORKAROUND: Restrict network access to the MXview One management interface from the Internet; limit access to internal engineering workstations and administrative computers only
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade MXview One Series to version 1.4.1 or later
HOTFIX: Upgrade MXview One Central Manager Series to version 1.0.3 or later
Long-term hardening
HARDENING: Place MXview One and managed devices behind a firewall with strict network segmentation between operational networks and business/office networks
HARDENING: If remote access to MXview One is required, use a VPN with current security patches and strong authentication rather than direct Internet exposure
Moxa MXview One | CVSS 6.5 - OTPulse