Moxa MXview (ICSA-18-011-02) – Product Used in the Energy Sector

ICS-CERT has released an advisory on a Moxa MXview vulnerability. MXview v2.8 and prior versions are affected. Successful exploitation of this vulnerability could allow a local authorized user with file access to escalate privileges by inserting arbitrary code into the unquoted service path. Moxa has produced new firmware Version 2.9 for the affected devices. ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability. ICS-CERT.