Moxa customers urged to patch five vulnerabilities found in MXview network management software
The issues affect the Taiwanese company’s MXview web-based network management system versions 3.x to 3.2.2, and collectively, ICS-CERT scored the vulnerabilities a 10.0, its highest criticality score.
According to Team82, an unauthenticated attacker successfully chaining two or more of these vulnerabilities could achieve remote code execution on any unpatched MXview server.
The US Cybersecurity and Infrastructure Security Agency (CISA) released an ICS advisory for the vulnerabilities in October, noting that successful exploitation of these vulnerabilities “may allow an attacker to create or overwrite critical files to execute code, gain access to the program, obtain credentials, disable the software, read and modify otherwise inaccessible data, allow remote connections to internal communication channels, or interact and use MQTT remotely.”
The web-based network management system was designed for monitoring and managing Moxa-based devices. Team 82 disclosed five vulnerabilities (CVE-2021-38452, CVE-2021-38456, CVE-2021-38460, CVE-2021-38458 and CVE-2021-38454) in the MXView platform. The company also provided a proof of concept showing how an attack would work.
Bugcrowd CTO Casey Ellis said it is “an impactful set of vulnerabilities.”
“Command injection via MQTT is an interesting and seldom discussed technique and only goes to demonstrate the increasing complexity of the input vectors any given application may have,” Ellis said. “Proper sanitization is important everywhere, not just on real-time inputs which are exposed directly to users.”
Moxa’s MXview is a significant player in the ICS and overall IoT market with their focus on converged networks — few network management vendors focus on this space — and therefore, the significance of these vulnerabilities is high, according to Viakoo CEO Bud Broomhead.
Broomhead added that with manufacturing and line-of-business organizations using them, not all their end-users will have the IT resources or knowledge to remediate these vulnerabilities quickly — making the high severity vulnerabilities that much more dangerous.
“These vulnerabilities, without question, will have a major impact. All 5 vulnerabilities have a 10/10 severity score, and because they are focused on converged networks, it increases the likelihood of threat actors exploiting them in order to move laterally into corporate networks,” Broomhead told ZDNet.
“In addition, these vulnerabilities enable privilege management exploits; vulnerabilities in privilege management almost always will be viewed as a high-level risk, especially given the damage that cybercriminals with root-level privileges can do such as placing malware, controlling critical infrastructure, or covering the tracks of a threat actor.”