The following versions of MXview, network management software, are affected:
- MXview v2.8 and prior.
Critical Infrastructure Sectors: Critical Manufacturing, Energy, Transportation Systems
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Taiwan
UNQUOTED SEARCH PATH OR ELEMENT CWE-428
Application services utilize unquoted search path elements, which could allow an attacker to execute arbitrary code with elevated privileges.
CVE-2017-14030 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been assigned; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
MXview application installs MXviewService that run as LocalSystem by default, and suffer from an unquoted search path issue. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system.
A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user’s code would execute with the elevated privileges of the application.
•MXviewService (MXviewService) runs as LocalSystem and has path: C:\Program Files\Moxa\MXview\bin\MXviewServiceControl.exe:
Successful exploitation of this vulnerability may allow an authenticated, but non-privileged, local user to execute arbitrary code with elevated privileges.