January 14, 2018 Karn Ganeshen

[ICS] Moxa MXview – Unquoted Search Path Vulnerability

Vendor: Moxa
Equipment: MXview
Vulnerability: Unquoted Search Path

ICS-CERT Advisory

https://ics-cert.us-cert.gov/advisories/ICSA-18-011-02

CVE-ID
CVE-2017-14030

AFFECTED PRODUCTS
The following versions of MXview, network management software, are affected:

  • MXview v2.8 and prior.


BACKGROUND

Critical Infrastructure Sectors: Critical Manufacturing, Energy, Transportation Systems
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Taiwan


VULNERABILITY OVERVIEW

UNQUOTED SEARCH PATH OR ELEMENT CWE-428

Application services utilize unquoted search path elements, which could allow an attacker to execute arbitrary code with elevated privileges.

CVE-2017-14030 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been assigned; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Details

The MXview application installs MXviewService, which runs as LocalSystem by default and suffers from an unquoted search path issue. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system.

A successful attempt would require the local user to insert their code in the system root path, undetected by the OS or other security applications, where it could potentially be executed during application startup or reboot. If successful, the local user’s code would execute with the elevated privileges of the application.
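
A defender-side check for the condition described above, as an added example that is not part of the original advisory or the vendor's code: it flags service ImagePath values that are unquoted and contain a space, and produces the quoted form to set as the fix. The service names and paths are constructed samples, and the parser assumes the service binary ends in `.exe`.

```python
import re

# Executable part of an unquoted command line: shortest prefix ending in ".exe"
# that is followed by whitespace or end of string (assumes a .exe service binary).
_EXE = re.compile(r"^(.*?\.exe)(?=\s|$)", re.IGNORECASE)


def split_unquoted(image_path):
    """Return (exe, args) for an unquoted ImagePath, or None if quoted/unparseable."""
    p = image_path.strip()
    if p.startswith('"'):
        return None                      # already quoted: not ambiguous
    m = _EXE.match(p)
    if not m:
        return None                      # e.g. driver .sys paths; out of scope here
    return m.group(1), p[m.end():].strip()


def audit(services):
    """services: {name: (ImagePath, start_account)} -> list of CWE-428 findings."""
    findings = []
    for name, (image_path, account) in sorted(services.items()):
        parts = split_unquoted(image_path)
        if parts is None or " " not in parts[0]:
            continue                     # quoted, unparseable, or no space in path
        exe, args = parts
        fixed = f'"{exe}"' + (f" {args}" if args else "")
        findings.append({
            "service": name,
            "account": account,
            "image_path": image_path,
            "quoted_image_path": fixed,  # value to set as remediation
            "high_impact": account.lower() == "localsystem",
        })
    return findings


# Constructed sample data (not taken from a real MXview installation).
SAMPLE = {
    "ExampleSvcA": (r"C:\Program Files\Example Vendor\Example App\svc.exe -run", "LocalSystem"),
    "ExampleSvcB": (r'"C:\Program Files\Example Vendor\Example App\svc.exe" -run', "LocalSystem"),
    "ExampleSvcC": (r"C:\Windows\System32\svchost.exe -k netsvcs", "NT AUTHORITY\\LocalService"),
    "ExampleDrv": (r"\SystemRoot\System32\drivers\example.sys", "LocalSystem"),
}

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f['service']}: {f['image_path']}  ->  {f['quoted_image_path']}")
```

On a live host the same dictionary can be filled from each service's `ImagePath` and `ObjectName` values under `HKLM\SYSTEM\CurrentControlSet\Services`.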


IMPACT

Successful exploitation of this vulnerability may allow an authenticated, but non-privileged, local user to execute arbitrary code with elevated privileges.

+++++

~Cheers
