DESCRIPTION:
Moxa MXview network management software is designed for configuring, monitoring, and diagnosing networking devices in industrial networks. Multiple vulnerabilities (CVE-2021-38452, 38454, 38456, 38458 and 38460) exist in MOXA MXview. A remote attacker can connect vulnerabilities above and execute arbitrary code on the system. Successful exploitation of the vulnerabilities may allow an attacker to compromise a vulnerable system.
AFFECTED RELEASES:
MOXA MXview 3.0 to 3.2.2
SOLUTION:
Users and system administrators of affected products are advised to apply the security updates immediately from the following URL:
https://www.moxa.com/en/support/product-support/software-and-documentation/search?psid=53389
REFERENCE:
1. https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-03
2. https://www.claroty.com/2022/02/10/blog-research-securing-network-management-systems-moxa-mxview/
3. https://www.moxa.com/en/support/product-support/software-and-documentation/search?psid=53389
4. https://www.ithome.com.tw/news/149381