Critical MQTT-Related Bugs Open Industrial Networks to RCE Via Moxa (Security News, February 2022)
The MXview software uses the MQTT server to distribute most of its IPC/RPC messages, they added, and most of the MXview APIs use the MQTT protocol to receive and handle requests.
Mosquitto enables MQTT over WebSockets, so that users can receive MQTT data via a web browser.
Once an attacker has access to the MQTT broker, CVE-2021-38454 and CVE-2021-38458 come into play to allow RCE through command injection.
An attacker who has gained access to the MQTT system via the first vulnerability can inject an MQTT message directly into the MQTT broker.
An attacker could abuse this by sending a malicious MQTT message containing path traversal characters, and inject it directly into the MQTT topic, they explained, thus resulting in the creation of arbitrary files on the host server's file system.
"Command injection via MQTT is an interesting and seldom discussed technique, and only goes to demonstrate the increasing complexity of the input vectors any given application may have. Proper sanitization is important everywhere, not just on real-time inputs which are exposed directly to users. MXview users would be well advised to patch as quickly as possible."
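The sanitization point above, as an added example that is not taken from the article or from Moxa's code: it validates fields of a broker-delivered message before they become a file path or a command argument, with the unchecked path join shown beside the hardened one. The topics, field names, BASE_DIR and the ping command are hypothetical.

```python
import json
import re
from pathlib import Path

# Hypothetical names throughout: not MXview's real paths, topics or schema.
BASE_DIR = Path("/var/lib/example-nms/uploads")
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")
SAFE_HOST = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,61}[A-Za-z0-9])?")
# Constructed sample messages as (topic, payload) pairs.
SAMPLES = [
    ("example/upload", '{"name": "site-a.cfg"}'),
    ("example/upload", '{"name": "../../outside.txt"}'),
    ("example/ping", '{"host": "10.0.0.5"}'),
    ("example/ping", '{"host": "10.0.0.5; id"}'),
]

class RejectedMessage(ValueError):
    """A message field failed validation."""

def naive_target(name):
    # Weak form: the field is joined as-is, so "../" segments leave BASE_DIR.
    return BASE_DIR / name

def safe_target(name):
    # Allow-list first: no separators, no leading dot, bounded length.
    if not isinstance(name, str) or not SAFE_NAME.fullmatch(name):
        raise RejectedMessage(f"bad file name: {name!r}")
    # Defence in depth: the resolved path must still sit under BASE_DIR.
    target = (BASE_DIR / name).resolve()
    if not target.is_relative_to(BASE_DIR.resolve()):
        raise RejectedMessage(f"path escapes base dir: {name!r}")
    return target

def ping_argv(host):
    # Argument vector, never a shell string, built from an allow-listed value.
    if not isinstance(host, str) or not SAFE_HOST.fullmatch(host):
        raise RejectedMessage(f"bad host: {host!r}")
    return ["ping", "-c", "1", host]

CHECKS = {"example/upload": ("name", safe_target), "example/ping": ("host", ping_argv)}

def accepted(topic, payload):
    # Unknown topics, malformed JSON and rejected fields all fail closed.
    try:
        field, check = CHECKS[topic]
        check(json.loads(payload).get(field))
        return True
    except (KeyError, ValueError, AttributeError):
        return False
```

The same checks apply to every consumer of the topic, since any client that can publish to the broker can reach them.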
News URL
https://threatpost.com/critical-mqtt-bugs-industrial-rce-moxa/178399/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-12 | CVE-2021-38458 | Injection vulnerability in Moxa Mxview. A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. | 9.8 |
| 2021-10-12 | CVE-2021-38454 | Path Traversal vulnerability in Moxa Mxview. A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. | 10.0 |