SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-787978280] Moxa MXview

Date: 2018-01-11
Type: Other
Platform: Moxa
Author: Karn Ganeshen reported the vulnerability to ICS-CERT.
EDB-ID: N/A
CVE-ID: CVE-2017-1403
OSVDB-ID: N/A
Download App: N/A
SIS Signature: N/A

Source

#
# Moxa MXview
#


### VULNERABLE VENDOR
Moxa 


### VULNERABLE PRODUCT
MXview 


### RESEARCHER
Karn Ganeshen reported the vulnerability to ICS-CERT.


### AFFECTED PRODUCTS
The following versions of MXview, network management software, are affected:

MXview v2.8 and prior


### IMPACT
Successful exploitation of this vulnerability could allow a local authorized user with file access to escalate privileges by inserting arbitrary code into the unquoted service path.


### VULNERABILITY OVERVIEW
UNQUOTED SEARCH PATH OR ELEMENT CWE-428
The unquoted service path escalation vulnerability could allow an authorized user with file access to escalate privileges by inserting arbitrary code into the unquoted service path.
CVE-2017-14030 has been assigned to this vulnerability.
A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
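
An audit for the CWE-428 condition described above, as an added example that is not part of the original advisory or Moxa's code: it flags Windows services whose executable path is unquoted and contains a space. The function name `Test-UnquotedServicePath` and the sample paths are constructed for illustration; the advisory does not give the MXview service name or install path.

```powershell
# Added example (not from the advisory): flag services whose ImagePath meets
# the CWE-428 condition, i.e. unquoted with a space in the executable path.
function Test-UnquotedServicePath {
    param([Parameter(Mandatory)][string]$ImagePath)

    $p = $ImagePath.Trim()
    # A leading quote delimits the executable explicitly.
    if ($p.StartsWith('"')) { return $false }
    # Take everything up to the first ".exe" as the executable path.
    # -match is case-insensitive; entries without .exe (e.g. drivers) are skipped.
    if ($p -match '^(.*?\.exe)') {
        # Spaces in arguments are harmless; only a space inside the path is ambiguous.
        return $Matches[1].Contains(' ')
    }
    return $false
}

# Constructed sample paths (hypothetical vendor and file names).
$samples = @(
    'C:\Program Files\Example Vendor\Example NMS\svc.exe -start',
    '"C:\Program Files\Example Vendor\Example NMS\svc.exe" -start',
    'C:\Windows\System32\svchost.exe -k netsvcs'
)
foreach ($s in $samples) {
    '{0,-5} {1}' -f (Test-UnquotedServicePath $s), $s
}

# Live audit of the local host: list every service that meets the condition.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -and (Test-UnquotedServicePath $_.PathName) } |
    Select-Object Name, StartName, StartMode, PathName |
    Format-Table -AutoSize -Wrap
```

A flagged service matches the advisory's scenario only where a non-administrative user has file access to a parent directory of the path, so review those directory ACLs alongside the result.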





### BACKGROUND
Critical Infrastructure Sectors: Critical Manufacturing, Energy, Transportation Systems
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Taiwan




### MITIGATION

Moxa has produced new firmware Version 2.9 for the affected devices that can be downloaded from:

https://www.moxa.com/support/sarch_result.aspx?prod_id=622&type_id=6&type=soft