Security News > 2022 > February > Critical MQTT-Related Bugs Open Industrial Networks to RCE Via Moxa

Critical MQTT-Related Bugs Open Industrial Networks to RCE Via Moxa
2022-02-11 21:51

The MXview software uses the MQTT server to distribute most of its IPC/RPC messages, they added, and most of the MXview APIs use the MQTT protocol to receive and handle requests.

Mosquitto enables MQTT over Websockets, so that users can receive MQTT data via a web browser.

Once an attacker has access to the MQTT broker, CVE-2021-38454 and CVE-2021-38458 come into play to allow RCE through command injection.

An attacker who has gained access to the MQTT system via the first vulnerability can inject a MQTT message directly to the MQTT broker.

An attacker could abuse this by sending a malicious MQTT message containing path traversal characters, and inject it directly into the MQTT topic, they explained, thus resulting in the creation of arbitrary files on the host server's file system.

"Command injection via MQTT is an interesting and seldom discussed technique, and only goes to demonstrate the increasing complexity of the input vectors any given application may have. Proper sanitization is important everywhere, not just on real-time inputs which are exposed directly to users. MXview users would be well advised to patch as quickly as possible."


News URL

https://threatpost.com/critical-mqtt-bugs-industrial-rce-moxa/178399/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-10-12 CVE-2021-38458 Injection vulnerability in Moxa Mxview
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.
network
low complexity
moxa CWE-74
7.5
2021-10-12 CVE-2021-38454 Path Traversal vulnerability in Moxa Mxview
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.
network
low complexity
moxa CWE-22
critical
10.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Moxa 578 6 142 97 38 283