Rewterz Threat Advisory – ICS: Moxa MXview Network Management Software
October 6, 2021Rewterz Threat Advisory – Multiple Cisco Products Vulnerabilities
October 7, 2021Rewterz Threat Advisory – ICS: Moxa MXview Network Management Software
October 6, 2021Rewterz Threat Advisory – Multiple Cisco Products Vulnerabilities
October 7, 2021Severity
High
Analysis Summary
CVE-2021-38397
The affected product is vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.
CVE-2021-38395
The affected product is vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.
CVE-2021-38399
The affected product is vulnerable to relative path traversal, which may allow an attacker access to unauthorized files and directories.
Impact
- Remote Code Execution
- Denial of Service
Affected Vendors
- Honeywell
Affected Products
- C200: All versions
- C200E: All versions
- C300 and ACE controllers: All versions
Remediation
Refer to US-CERT Advisory for patch, upgrade, or suggested workaround information.