OTPulse

Moxa MXview Series Network Management Software Vulnerability

Low Risk | Mar 13, 2018
Summary

A privilege escalation vulnerability (CVE-2017-14030) exists in Moxa MXview Series Network Management Software due to an unquoted service path. An authorized user with local file access can insert arbitrary code into the unquoted service path and execute it with elevated privileges when the service starts or restarts. Moxa has developed a solution but no patch version is specified. All versions of MXview Series are affected.

What this means
What could happen
An authorized local user with file system access could run arbitrary code with elevated privileges on the MXview management console, potentially allowing manipulation of monitored industrial devices across your network.
Who's at risk
Operators of Moxa MXview management software used to monitor and manage Moxa industrial switches, media converters, and industrial gateways across your network. This affects anyone using MXview as a centralized management console for Moxa devices in water, electric, manufacturing, or other critical infrastructure environments.
How it could be exploited
An attacker with local access to the MXview server (such as a disgruntled employee or via prior compromise) can insert a malicious executable into the unquoted service path. When the MXview service starts or restarts, it will execute the attacker's code instead of the legitimate application, running with the service's elevated privileges.
Prerequisites
  • Local file system write access to the MXview installation directory or PATH
  • Knowledge of the unquoted service path location
  • Ability to insert or modify files before service restart
  • Local privilege escalation required
  • Requires pre-existing file system access
  • No patch available
  • Affects management and visibility into OT devices
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
MXview Series | All versions | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Restrict local file system access and write permissions on the MXview server to only authorized administrators
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Use file integrity monitoring (FIM) or host-based intrusion detection to alert on unauthorized changes to the MXview installation directory
HARDENING: Implement application whitelisting on the MXview server to prevent unauthorized executables from running
Mitigations - no patch available
MXview Series has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Monitor service restart events and review logs for unexpected process execution
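
To support the file integrity monitoring control above, the following added example (not part of the advisory and not Moxa code) audits an exported list of Windows service ImagePath values, flags unquoted paths that contain spaces, and lists the file paths a FIM rule should alert on. The service names, install paths and function names are constructed for illustration; the advisory does not give the actual MXview service path.

```python
import re

# End of the executable token inside an unquoted ImagePath.
_EXE_END = re.compile(r"\.(?:exe|com|bat|cmd)(?=\s|$)", re.IGNORECASE)


def executable_part(image_path):
    """Split a service ImagePath into (executable path, was_quoted)."""
    s = image_path.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return (s[1:end] if end != -1 else s[1:]), True
    m = _EXE_END.search(s)
    # No recognisable extension: keep the whole string (may over-report).
    return (s[:m.end()] if m else s), False


def shadow_candidates(exe_path):
    """Paths Windows tries before the real binary when the path is unquoted.

    CreateProcess splits an unquoted command line at each space and tries
    the prefix with ".exe" appended, left to right.
    """
    out = []
    for i, ch in enumerate(exe_path):
        if ch == " " and i > 0 and exe_path[i - 1] not in " \\":
            out.append(exe_path[:i] + ".exe")
    return out


def audit(services):
    """Return {service name: [paths to watch]} for unquoted paths with spaces."""
    findings = {}
    for name, image_path in services.items():
        exe, quoted = executable_part(image_path)
        if not quoted and " " in exe:
            findings[name] = shadow_candidates(exe)
    return findings


# Constructed inventory (name -> ImagePath); not MXview's real install path.
SAMPLE = {
    "ExampleNMS": r"C:\Program Files\Example Vendor\NMS Service\svc.exe -run",
    "QuotedAgent": r'"C:\Program Files\Example Vendor\agent.exe" --service',
    "SvcHost": r"C:\Windows\System32\svchost.exe -k netsvcs",
}

if __name__ == "__main__":
    for svc, paths in audit(SAMPLE).items():
        print(f"{svc}: unquoted path; alert if any of these files appear:")
        for p in paths:
            print("   ", p)
```

Only the first sample service is flagged; the quoted path and the path without spaces are not ambiguous and produce no finding.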