Product support

Security Advisories

SUMMARY

MXview Series Network Management Software Vulnerabilities

  • Version: V1.0
  • Release Date: Nov 03, 2020
  • Reference:
    • CVE-2020-13536, CVE-2020-13537

Multiple product vulnerabilities were identified in Moxa’s MXview Series Network Management Software. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item Vulnerability Type Impact
1 Incorrect Default Permissions (CWE-276), CVE-2020-13536, CVE-2020-13537 An attacker may be able to edit a source file to insert a malicious code to elevate their permissions.
AFFECTED PRODUCTS AND SOLUTIONS

Affected Products:

The affected products and firmware versions are shown below.

Product Series Affected Versions
MXview Series Firmware Version from 3.0 to 3.1.8

 

Solutions:

Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.

Product Series Solutions
MXview Series Please download the new software here. Follow the back up and migrate procedure to upgrade MXview.
If you have any questions during the migration process, please contact Moxa Technical Support for assistance.

Acknowledgment:

We would like to express our appreciation to Yuri Kramarz of Cisco Talos for reporting the vulnerability, working with us to help enhance the security of our products, and helping us provide a better service to our customers.
 

Revision History:

VERSION DESCRIPTION RELEASE DATE
1.0 First Release Nov 03, 2020

Relevant Products

MXview Series ·

  •   Print this page
  • You can manage and share your saved list in My Moxa
Let’s get that fixed

If you are concerned about a potential cybersecurity vulnerability, please contact us and one of technical support staff will get in touch with you.

Report a Vulnerability
Added To Bag
Feedback