Moxa Updates SoftCMS Live Viewer

Friday, September 1, 2017 @ 05:09 PM gHale


Moxa updated its SoftCMS Live Viewer product to fix a SQL injection vulnerability, according to a report from ICS-CERT.

SoftCMS Live Viewer, Version 1.6 and prior versions suffer from the issue. SoftCMS Live Viewer is video surveillance software designed for industrial automation systems.

Successful exploitation of this vulnerability, discovered by security researcher Ziqiang Gu from Huawei WeiRan Labs, could allow an unauthenticated user to access SoftCMS Live Viewer without knowing the user’s password.

No known public exploits specifically target this vulnerability.

An improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability has been identified. Attackers can exploit this vulnerability to access SoftCMS without knowing the user’s password.

CVE-2017-50137 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.8.

The product sees use mainly in the critical manufacturing, energy and transportation systems sectors, and it is deployed on a global basis.

Taiwan-based Moxa has provided software update Version 1.7 for SoftCMS Live Viewer which fixes this vulnerability. Moxa recommends users update to the new version.


