OTPulse

Moxa MXview Series Network Management Software Vulnerabilities

Low Risk · Mar 17, 2022
Summary

Moxa MXview Series Network Management Software contains two related vulnerabilities: CVE-2021-40390 (Use of Hard-coded Credentials - CWE-798) allows unauthorized access via specially crafted HTTP requests, and CVE-2021-40392 (Cleartext Transmission of Sensitive Information - CWE-319) allows attackers to sniff network traffic to capture credentials and sensitive data. All versions of MXview Series are affected. Moxa has indicated that solutions are in development to address these issues.

What this means
What could happen
An attacker with network access can either log into MXview with hard-coded credentials to gain unauthorized administrative access, or intercept unencrypted network traffic to capture sensitive information like passwords and configuration data.
Who's at risk
Transportation operators and any industrial facility using Moxa MXview Series for centralized network management of industrial switches, gateways, and routers. This includes transit agencies, ports, and rail systems managing distributed Moxa networking equipment across multiple sites.
How it could be exploited
An attacker on the network sends a specially crafted HTTP request using hard-coded credentials to authenticate to MXview, or passively sniffs HTTP traffic on the network segment where MXview communicates to capture cleartext credentials and configuration data being transmitted.
Prerequisites
  • Network access to MXview HTTP interface on port 80 or management port
  • No authentication required to exploit hard-coded credentials vulnerability (CVE-2021-40390)
  • Network position allowing packet capture for traffic sniffing (CVE-2021-40392)
remotely exploitable · no authentication required (hard-coded credentials) · cleartext credential transmission · no patch available · default credentials
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
Product | Affected Versions | Fix Status
MXview Series | All versions | No fix (EOL)
Remediation & Mitigation
Do now
  • HARDENING: Isolate MXview management interface to a restricted management VLAN not accessible from production networks or the internet
  • WORKAROUND: Implement firewall rules to restrict HTTP/HTTPS access to MXview to only authorized administrative workstations and networks
  • HARDENING: Force all MXview traffic over encrypted HTTPS channels and disable unencrypted HTTP access if possible
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HARDENING: Monitor MXview access logs for unauthorized login attempts or unusual administrative activity
  • HOTFIX: Contact Moxa to determine if updated MXview versions with remediated hard-coded credentials are available outside of standard versioning
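
One way to verify the isolation, allowlisting and HTTPS-only measures above against exported flow records, as an added example (not OTPulse's or Moxa's code). The server address, admin subnet, ports and the "src dst dport" record layout are assumptions constructed for illustration.

```python
import ipaddress

# Assumptions (not from the advisory): every address, port and the
# "src_ip dst_ip dst_port" record layout below is constructed for illustration.
MXVIEW_SERVER = ipaddress.ip_address("10.20.0.10")
ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/28")]  # authorized admin workstations
CLEARTEXT_PORTS = {80}    # HTTP, exposed to sniffing (CVE-2021-40392)
ENCRYPTED_PORTS = {443}   # HTTPS

# Constructed sample flow export, one record per line.
SAMPLE_FLOWS = """\
10.20.0.5 10.20.0.10 443
10.20.0.6 10.20.0.10 80
192.168.50.23 10.20.0.10 80
203.0.113.7 10.20.0.10 443
10.20.0.5 10.20.0.99 80
garbage line
"""

def audit_flows(text):
    """Return (line_no, src, port, reason) findings for flows reaching MXview."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        try:
            src, dst = (ipaddress.ip_address(p) for p in parts[:2])
            port = int(parts[2])
        except (ValueError, IndexError):
            # Never silently drop a record: a parse gap is a monitoring gap.
            findings.append((n, None, None, "unparseable record"))
            continue
        # Only web traffic addressed to the MXview server is in scope.
        if dst != MXVIEW_SERVER or port not in CLEARTEXT_PORTS | ENCRYPTED_PORTS:
            continue
        if not any(src in net for net in ADMIN_NETS):
            findings.append((n, str(src), port, "source outside management allowlist"))
        if port in CLEARTEXT_PORTS:
            findings.append((n, str(src), port, "cleartext HTTP to MXview"))
    return findings

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(finding)
```

A cleartext finding from an authorized workstation still matters: it shows HTTP has not been disabled and credentials are crossing the segment unencrypted.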