Security News > 2022 > February > Critical MQTT-Related Bugs Open Industrial Networks to RCE Via Moxa

The MXview software uses the MQTT server to distribute most of its IPC/RPC messages, they added, and most of the MXview APIs use the MQTT protocol to receive and handle requests.
Mosquitto enables MQTT over Websockets, so that users can receive MQTT data via a web browser.
Once an attacker has access to the MQTT broker, CVE-2021-38454 and CVE-2021-38458 come into play to allow RCE through command injection.
An attacker who has gained access to the MQTT system via the first vulnerability can inject a MQTT message directly to the MQTT broker.
An attacker could abuse this by sending a malicious MQTT message containing path traversal characters, and inject it directly into the MQTT topic, they explained, thus resulting in the creation of arbitrary files on the host server's file system.
"Command injection via MQTT is an interesting and seldom discussed technique, and only goes to demonstrate the increasing complexity of the input vectors any given application may have. Proper sanitization is important everywhere, not just on real-time inputs which are exposed directly to users. MXview users would be well advised to patch as quickly as possible."
News URL
https://threatpost.com/critical-mqtt-bugs-industrial-rce-moxa/178399/
Related news
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- Critical RCE flaw in Apache Tomcat actively exploited in attacks (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist (source)
- Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-10-12 | CVE-2021-38458 | Injection vulnerability in Moxa Mxview A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. | 9.8 |
2021-10-12 | CVE-2021-38454 | Path Traversal vulnerability in Moxa Mxview A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. | 10.0 |