DecryptedTech

Saturday 13 August 2022

Network Management Software from Moxa Has Five Critical Bugs that Could Allow for an RCE Attack



Management and monitoring software is ubiquitous in the IT operations industry. These tools are force multipliers that allow what are usually small teams to manage a large number of assets. By design, they need elevated permissions to accomplish their intended tasks. The problem is that these permissions also make them targets for attackers. This means that developers of these tools need to take extra steps to ensure that they are not vulnerable to attack and do not become the thing that compromises a network.

In the case of Moxa’s MXView, five Critical flaws were recently disclosed that could allow an attacker to execute arbitrary code on systems that have not been updated. The five flaws cover a few items inside the software, but when strung together they allow a remote attacker to leverage a core communication function to gain access. Two of the disclosed vulnerabilities relate to password usage and leakage: CVE-2021-38456 covers the use of hardcoded passwords inside the software, while CVE-2021-38460 covers potential leakage of these and other passwords. The other three comprise a path traversal vulnerability (allowing access to the hardcoded passwords), improper controls to prevent unauthorized commands (the arbitrary code bit), and remote access to MQTT, which is the main communication service for the software.

This is like a perfect storm of vulnerabilities that would allow an attacker full control over a targeted system. The flaws were found and disclosed to Moxa in October 2021. They are present in MXView 3.x up to and including 3.2.2. Version 3.2.4, which was released in July of 2021, does not appear to be affected. Moxa recently released version 3.2.6 of MXView on January 7th of this year. It is recommended that organizations using MXView update to a non-affected version as soon as possible.

We cannot stress this enough: remote management and monitoring software is a fantastic option to assist with maintaining and controlling an environment. However, by its nature it can quickly become a target, and a nightmare, if it is not built with proper controls or is left to run on older versions that have flaws in them. Developers and vendors of these types of software, as well as the groups that use them, must make sure they are keeping them up to date and monitoring them. They should always be treated as a threat and a risk, simply because of how much damage they can do if abused or compromised.
