
Rewterz Threat Advisory – ICS: Moxa MXview Network Management Software

Severity

High

Analysis Summary

CVE-2021-38452

A path traversal vulnerability in the application may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.

CVE-2021-38456

The affected product uses hard-coded passwords, which may allow an attacker to gain access through accounts using default passwords.

CVE-2021-38460

The affected product is vulnerable to password leakage, which may allow an attacker to obtain credentials through unprotected transport.

CVE-2021-38458

The affected product is vulnerable to improper neutralization of special elements, which may allow an attacker to remotely execute unauthorized commands. This could allow an attacker to disable software or read and modify otherwise inaccessible data.

CVE-2021-38454

The affected product has a misconfigured service that allows remote connections to internal communication channels, which may allow an attacker to interact with and use MQTT remotely.

Impact

  • Unauthorized Access
  • Credential Theft
  • Remote Code Execution

Affected Vendors

  • Moxa

Affected Products

  • MXview Network Management Software: Versions 3.x to 3.2.2

Remediation

Refer to the US-CERT advisory for patch, upgrade, or suggested workaround information.

https://us-cert.cisa.gov/ics/advisories/icsa-21-278-03