Rewterz Threat Advisory – ICS: Emerson WirelessHART Gateway
October 6, 2021
Severity
High
Analysis Summary
CVE-2021-38452
A path traversal vulnerability in the application may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.
CVE-2021-38456
The affected product uses hard-coded passwords, which may allow an attacker to gain access through accounts using default passwords.
CVE-2021-38460
The affected product is vulnerable to password leakage, which may allow an attacker to obtain credentials through unprotected transport.
CVE-2021-38458
The affected product is vulnerable to improper neutralization of special elements, which may allow an attacker to remotely execute unauthorized commands. This could allow an attacker to disable software or read and modify otherwise inaccessible data.
CVE-2021-38454
The affected product has a misconfigured service that allows remote connections to internal communication channels, which may allow an attacker to interact with and use MQTT remotely.
Impact
- Unauthorized Access
- Credential Theft
- Remote Code Execution
Affected Vendors
- Moxa
Affected Products
- MXview Network Management Software: Versions 3.x to 3.2.2
Remediation
Refer to US-CERT Advisory for patch, upgrade, or suggested workaround information.