Moxa MXview One
Monitor | CVSS 6.8 | ICS-CERT ICSA-24-268-05 | Sep 21, 2024
Moxa
Attack path
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
Moxa MXview One and MXview One Central Manager contain improper credential storage and file permission vulnerabilities (CWE-313, CWE-24, CWE-367) that allow an attacker with local access or low-privilege credentials to read stored plaintext credentials and write arbitrary files. Successful exploitation could enable arbitrary code execution on the network management platform. MXview One Series versions up to 1.4.0 and MXview One Central Manager Series version 1.0.0 are affected.
What this means
What could happen
An attacker with local access to MXview One could steal stored credentials and write malicious files to the system, potentially allowing them to execute arbitrary code and gain control of the network management platform.
Who's at risk
Network managers and IT operators responsible for Moxa industrial network devices should care. MXview One is a network management and monitoring platform used to oversee Moxa switches, gateways, and other industrial networking equipment in manufacturing plants, utilities, and infrastructure environments. Compromising MXview One affects visibility and control over all monitored devices.
How it could be exploited
An attacker with local or low-privileged access to the MXview One system exploits improper credential storage and file permission weaknesses to read plaintext credentials and overwrite system files. This could enable code execution on the network management appliance itself, allowing the attacker to compromise monitoring and control of your Moxa devices and network.
Prerequisites
- Local access to the MXview One system or valid low-privilege user credentials
- Access to the affected MXview One or MXview One Central Manager service
- Low attack complexity
- Requires local access or valid credentials
- No known exploit or active exploitation
- Credentials can be exposed
- Default credentials in use
Exploitability
Unlikely to be exploited — EPSS score 0.5%
Affected products (3)
2 with fix, 1 EOL

| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| MXview One and MXview One Central Manager Series | All versions | No fix (EOL) |
| MXview One Series: <=1.4.0 | ≤ 1.4.0 | 1.4.1 |
| MXview One Central Manager Series: 1.0.0 | 1.0.0 | 1.0.3 |
Remediation & Mitigation
Do now
- HARDENING: Change default credentials immediately after deployment or update
- HARDENING: Restrict network access to MXview One management interface; do not expose to the Internet; use firewall rules to limit access to authorized IT/engineering networks only
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption
- HOTFIX: Update MXview One Series to version 1.4.1 or later
- HOTFIX: Update MXview One Central Manager Series to version 1.0.3 or later
Mitigations - no patch available
MXview One and MXview One Central Manager Series has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Isolate the control system network running MXview One from general business networks using network segmentation