New Firmware for Moxa’s MXview

Thursday, January 11, 2018 @ 05:01 PM gHale


Moxa produced new firmware to mitigate an unquoted search path or element vulnerability in its MXview, according to a report from ICS-CERT.

A network management software product, MXview v2.8 and prior suffer from the vulnerability discovered by researcher Karn Ganeshen.

RELATED STORIES
Phoenix Contact Clears FL SWITCH Holes
Rockwell Clears MicroLogix Controller Hole
GM, Shanghai OnStar Fix iOS Client
Advantech Clears WebAccess Holes

Successful exploitation of this vulnerability could allow a local authorized user with file access to escalate privileges by inserting arbitrary code into the unquoted service path.

No known public exploits specifically target this vulnerability. This vulnerability is not remotely exploitable. However, an attacker with low skill level could exploit the vulnerability.

The unquoted service path escalation vulnerability could allow an authorized user with file access to escalate privileges by inserting arbitrary code into the unquoted service path.

CVE-2017-14030 is the case number assigned to this vulnerability which has a CVSS v3 base score of 7.8.

The product mainly sees action in the critical manufacturing, energy and transportation systems sectors. It sees action on a global basis.

Click here to download Taiwan-based Moxa’s new firmware Version 2.9.



Leave a Reply

You must be logged in to post a comment.