What is the vulnerability ID for this vulnerability?

The vulnerability ID for this vulnerability is CVE-2021-38458.

What is the description of this vulnerability?

The description of this vulnerability is a path traversal vulnerability in the Moxa MXview Network Management software that may allow an attacker to create or overwrite critical files used to execute code.

What is the affected software and version range for this vulnerability?

The affected software for this vulnerability is Moxa MXview Network Management software Versions 3.x to 3.2.2.

What is the severity of this vulnerability?

The severity of this vulnerability is critical with a CVSS score of 9.8.

Is there any official reference for this vulnerability?

Yes, there is an official reference for this vulnerability. You can find it at [here](https://us-cert.cisa.gov/ics/advisories/icsa-21-278-03).

What are the Common Weakness Enumeration (CWE) IDs associated with this vulnerability?

The CWE IDs associated with this vulnerability are CWE-22 and CWE-74.

Vulnerability/
CVE-2021-38458

critical

9.8

CWE

74 22

5/10/2021

4/8/2024

CVE-2021-38458: Moxa MXview Network Management Software

Q: What is the title of this vulnerability?

The title of this vulnerability is 'A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2'.

First published: Tue Oct 05 2021(Updated: )

A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.

Credit: ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
Moxa MXview	>=3.0<=3.2.2
Moxa MXview Network Management Software: Versions 3.x to 3.2.2

Remedy

Moxa recommends users do the following: Upgrade to software package v3.2.4 or higher. Users should change their Windows password regularly and use a firewall. If users need to use a multiple-site function, Moxa recommends a firewall to block Port 8883. If users do not have this requirement, Moxa suggests using the firewall to assign the Accessible IP of MXview at the client site.

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

ICSA-21-278-03

Frequently Asked Questions

What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2021-38458.
What is the title of this vulnerability?
The title of this vulnerability is 'A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2'.
What is the description of this vulnerability?
The description of this vulnerability is a path traversal vulnerability in the Moxa MXview Network Management software that may allow an attacker to create or overwrite critical files used to execute code.
What is the affected software and version range for this vulnerability?
The affected software for this vulnerability is Moxa MXview Network Management software Versions 3.x to 3.2.2.
What is the severity of this vulnerability?
The severity of this vulnerability is critical with a CVSS score of 9.8.
Is there any official reference for this vulnerability?
Yes, there is an official reference for this vulnerability. You can find it at [here](https://us-cert.cisa.gov/ics/advisories/icsa-21-278-03).
What are the Common Weakness Enumeration (CWE) IDs associated with this vulnerability?
The CWE IDs associated with this vulnerability are CWE-22 and CWE-74.

collector/nvd-index
agent/type
collector/mitre-cve
source/MITRE
agent/author
agent/references
agent/severity
agent/last-modified-date
agent/remedy
agent/weakness
agent/softwarecombine
agent/title
agent/description
agent/first-publish-date
agent/tags
agent/event
collector/ics-cert-advisory
source/ICS
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/moxa
canonical/moxa mxview
version/moxa mxview/3.0
version/moxa mxview/3.2.2
canonical/moxa mxview network management software: versions 3.x to 3.2.2