OTPulse

Moxa MXview Series Network Management Software Vulnerabilities

Low Risk (CVSS 1), Nov 3, 2020
Summary

Multiple vulnerabilities identified in Moxa MXview Series Network Management Software involving incorrect default permissions (CWE-276, CVE-2020-13536, CVE-2020-13537). An attacker with local access may be able to edit source files to insert malicious code and elevate their privileges on the management platform. Moxa has developed related solutions to address these vulnerabilities, but no patch is available for the underlying product vulnerabilities.

What this means
What could happen
An attacker with local access to the MXview management console could modify source files to inject malicious code and gain elevated privileges, potentially allowing them to take control of the software and the network devices it manages.
Who's at risk
Network and process engineers using Moxa MXview to manage industrial switches, gateways, and network devices in water utilities, electric utilities, and manufacturing facilities. The vulnerability affects all MXview Series versions.
How it could be exploited
An attacker with local or low-privileged access to the MXview server would modify source files through the file system or application interface. The default permissions allow these files to be edited, and the attacker can inject code that executes with elevated privileges when the application processes the modified files, granting them administrative control of the management platform.
Prerequisites
  • Local or physical access to the MXview management server
  • Low-privilege user account on the MXview server or read/write access to application source files
  • Ability to restart or reload the affected application for malicious code to execute
  • No patch available
  • Default credentials or weak default permissions
  • Local access required but low complexity exploitation
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
Product | Affected Versions | Fix Status
MXview Series | All versions | No fix (EOL)
Remediation & Mitigation
Do now
  • HARDENING: Restrict file system permissions on MXview application directories to prevent unauthorized modification of source files; only administrators should have write access
  • HARDENING: Implement strict access controls on the MXview server itself; limit user accounts and enforce strong authentication for any local access
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HARDENING: Monitor MXview source file integrity using file integrity checking tools to detect unauthorized modifications
Mitigations - no patch available
MXview Series has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
  • HARDENING: Review and audit user accounts with access to the MXview server and remove unnecessary local access