Moxa Inc.'s MXview is often used by enterprises to visualize network devices and physical connections automatically....
A vulnerability was recently found in some MXview versions that could enable privilege escalation. What is this vulnerability, and how can Moxa MXview be abused?
The unquoted service path vulnerability was found in MXview 2.8 and earlier versions, and it enables a local user to escalate privileges by inserting arbitrary code in a service path that is not enclosed with quotes. The unquoted service path may contain spaces -- for instance, D:\2012455 4562 56. To execute the arbitrary code, the service must be enabled before it can be restarted.
Moxa MXview can be abused in several different ways, including:
- The user could configure, monitor and diagnose new network devices in the enterprise's industrial devices and Simple Network Management Protocol/IP devices installed on subnets. These devices include industrial wireless devices, industrial secure routers, industrial Ethernet gateways and Ethernet remote I/Os.
- The user could manually look through the services via the command window to find other paths that are unquoted. This could alter the service path, appearance of the dashboard, file names, data in files, the placement of files into a subdirector, and some menu items could even be added or deleted.
- The backup of the MXview database could be rescheduled and possibly rerouted to the user's server, where the user could then alter the files in the database before sending them back to the MXview server. The database includes topology, job scheduling, events and device properties.
- The configuration of event notification alarms that are sent through text messages and emails could be maliciously modified. The user could alter links, delete a device and add a third-party icon without permission from the legitimate system administrator.
- Support for the MXview ToGo mobile app for remote monitoring and notification could be disabled or maliciously altered. As a result, the mobile user would not be properly notified of an event in MXview.
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)
Dig Deeper on Emerging cyberattacks and threats
Related Q&A from Judith Myerson
A vulnerability was found in the LG network involving remote preauthenticated commands. Learn how researchers created a malicious password to show ... Continue Reading
A warning was issued by the Department of Homeland Security regarding the exploitation of SS7 vulnerabilities by IMSI catchers. Learn how this puts ... Continue Reading
Air-gapped computers subject to PowerHammer attack: Proof-of-concept attack enables data exfiltration through control of current flow over power ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.