Finding Moxa MXview instances
Security researchers with Claroty’s Team82 recently published findings of five discovered vulnerabilities in Moxa’s MXview software. Focused on “industrial network management”, MXview enables management of deployed Operational Technologies (OT) and Industrial Control Systems (ICS) endpoints.
These published vulnerabilities reside in the MQTT messaging component of MXview and can be leveraged (and chained together) by an unauthenticated attacker to ultimately gain filesystem access to data (including credentials) or achieve remote code execution on vulnerable systems:
- CVE-2021-38452 (CVSS “critical” score of 9.1) - path traversal vulnerability, may allow an attacker to create or overwrite critical files used to execute code
- CVE-2021-38454 (CVSS “critical” score of 10.0) - path traversal vulnerability, may allow an attacker to create or overwrite critical files used to execute code
- CVE-2021-38456 (CVSS “critical” score of 9.8) - hard-coded password vulnerability, may allow an attacker to gain access through accounts using default passwords
- CVE-2021-38458 (CVSS “critical” score of 9.8) - path traversal vulnerability, may allow an attacker to create or overwrite critical files used to execute code
- CVE-2021-38460 (CVSS “high” score of 7.5) - path traversal vulnerability, may allow an attacker to create or overwrite critical files used to execute code
An additional two MXview vulnerabilities, discovered by Patrick DeSantis of Cisco’s Talos group, were disclosed last October. These affect all MXview versions up through (and including) 3.2.4, and involve hard-coded credentials and cleartext transmission of sensitive data:
- CVE-2021-40390 (CVSS “critical” score of 10.0) - authentication bypass vulnerability, can lead to unauthorized access
- CVE-2021-40392 (CVSS “medium” score of 5.3) - information disclosure vulnerability, can lead to disclosure of sensitive information via network sniffing
Given the severity of these vulnerabilities (including what can be accomplished via chaining) and the appeal of systems bridging network technologies, vulnerable targets may be of high interest to attackers.
Yes. Moxa has addressed all of the above vulnerabilities and strongly encourages folks who are running MXview to upgrade to version 3.2.6 or later.
_asset.protocol:http and protocol:http and (html.title:"mxview" or last.html.title:"mxview")
Don’t have Rumble and need help finding potentially vulnerable MXview instances? Start your Rumble trial today.
May 12, 2022
Wrangling the May 2022 Patch Tuesday
Microsoft recently released security updates for over 70 vulnerabilities, including 3 zero-days and 7 critical vulnerabilities that affect a wide-range of their products and services. The list of patches covers an actively exploited zero-day vulnerability in the Windows …Read More
May 5, 2022
Finding F5 BIG-IP instances
Technology vendor F5 recently published information on over 40 vulnerabilities, mostly affecting their BIG-IP line of products. While these vulnerabilities include a mix of types and severities, a particular authentication bypass vulnerability that can affect all BIG-IP …Read More
April 29, 2022
Finding Netatalk instances
A critical vulnerability in the Netatalk open source file server software was found in some popular network attached storage (NAS) devices. Netatalk provides services for the deprecated AFP (Apple Filing Protocol, formerly known as Appletalk Filing Protocol), and runs on a …Read More