Moxa

14 Jan 2018

[ICS] Moxa MXview – Unquoted Search Path Vulnerability

Vendor: Moxa
Equipment: MXview
Vulnerability: Unquoted Search Path

ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-18-011-02

CVE-ID
CVE-2017-14030

AFFECTED PRODUCTS
The following versions of MXview, network management software, are affected:

  • MXview v2.8 and prior.

IMPACT
Successful exploitation of this vulnerability may allow an authenticated, but non-privileged, local user to execute arbitrary code with elevated privileges.

Read on for details.

Read more

01 Sep 2017

[ICS] Moxa SoftNVR-IA Live Viewer – Insecure Library Loading Allows Code Execution

Vendor: Moxa
Equipment: SoftNVR-IA Live Viewer
Vulnerability: Uncontrolled Search Path Element

ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-220-02

CVE-ID
CVE-2017-5170

AFFECTED PRODUCTS
The following versions of SoftNVR-IA Live Viewer, a video surveillance software designed for industrial automation systems, are affected:

  • SoftNVR-IA Live Viewer, Version 3.30.3122 and prior versions

IMPACT
Successful exploitation of this vulnerability may allow an attacker to execute code from a malicious DLL on the affected system with the same privileges as the user running the program.

Read on for details.

Read more