| Date | Type | Platform | Author | EDB-ID | CVE-ID | OSVDB-ID | Download | App | SIS Signature |
|---|---|---|---|---|---|---|---|---|---|
| 2018-01-11 | Other | Moxa | Karn Ganeshen reported the vulnerability to ICS-CERT. | N/A | CVE-2017-1403 | N/A | | N/A | N/A |
# Moxa MXview
### VULNERABLE VENDOR
Moxa
### VULNERABLE PRODUCT
MXview
### RESEARCHER
Karn Ganeshen reported the vulnerability to ICS-CERT.
### AFFECTED PRODUCTS
The following versions of MXview, network management software, are affected:
MXview v2.8 and prior
### IMPACT
Successful exploitation of this vulnerability could allow a local authorized user with file access to escalate privileges by inserting arbitrary code into the unquoted service path.
### VULNERABILITY OVERVIEW
UNQUOTED SEARCH PATH OR ELEMENT CWE-428
The unquoted service path escalation vulnerability could allow an authorized user with file access to escalate privileges by inserting arbitrary code into the unquoted service path.
CVE-2017-14030 has been assigned to this vulnerability.
A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
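To audit a host for this class of weakness, a defender can inspect each service's ImagePath for an unquoted program path containing spaces. The Python sketch below is an added example, not part of the advisory or of Moxa's software: it lists the intermediate locations whose write permissions should be reviewed and the quoted form that removes the ambiguity. The service names and paths are constructed samples (the advisory does not give the MXview service path), and the candidate order follows the documented Windows `CreateProcess` parsing of unquoted paths.

```python
import re

# Heuristic: the program path ends at the first executable extension
# that is followed by whitespace or the end of the string.
_EXE_END = re.compile(r"\.(?:exe|com|bat|cmd)(?=\s|$)", re.IGNORECASE)

def split_unquoted(image_path):
    """Split an unquoted ImagePath into (program, arguments)."""
    path = image_path.strip()
    m = _EXE_END.search(path)
    if not m:
        return path, ""
    return path[:m.end()], path[m.end():].strip()

def ambiguous_candidates(image_path):
    """Paths Windows would try before the intended program; [] if none."""
    if image_path.strip().startswith('"'):
        return []  # quoted: resolved unambiguously
    program, _ = split_unquoted(image_path)
    found = []
    for i, ch in enumerate(program):
        if ch == " ":
            candidate = program[:i].rstrip() + ".exe"
            if candidate not in found:
                found.append(candidate)
    return found

def quoted_form(image_path):
    """Return the ImagePath with the program portion quoted (the fix)."""
    if image_path.strip().startswith('"'):
        return image_path.strip()
    program, args = split_unquoted(image_path)
    return f'"{program}" {args}'.strip()

def audit(services):
    """Map each flagged service name to what to review and how to fix it."""
    report = {}
    for name, image_path in services.items():
        candidates = ambiguous_candidates(image_path)
        if candidates:
            report[name] = {"check_acl_on": candidates,
                            "fix": quoted_form(image_path)}
    return report

# Constructed sample data: hypothetical service names and paths.
SAMPLE_SERVICES = {
    "ExampleNmsSvc": r"C:\Program Files\Example Vendor\NMS Server\bin\service.exe -k run",
    "QuotedSvc": r'"C:\Program Files\Example Vendor\Agent\agent.exe" --service',
    "NoSpaceSvc": r"C:\Windows\System32\svchost.exe -k netsvcs",
}
```

On a real host the input dictionary would come from the `ImagePath` values under `HKLM\SYSTEM\CurrentControlSet\Services`.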
### BACKGROUND
Critical Infrastructure Sectors: Critical Manufacturing, Energy, Transportation Systems
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Taiwan
### MITIGATION
Moxa has produced new firmware Version 2.9 for the affected devices that can be downloaded from:
https://www.moxa.com/support/sarch_result.aspx?prod_id=622&type_id=6&type=soft