CVE-2024-6785 Moxa CVE debrief

Who should care

Organizations operating Moxa MXview One network management software in industrial environments, particularly those with multi-user systems or concerns about insider threats. Security teams responsible for OT/ICS infrastructure and compliance with credential management standards should prioritize assessment. This vulnerability is especially relevant for environments where configuration files may be accessible to non-administrative users or where backup and version control systems could inadvertently expose cleartext credentials.

Technical summary

The vulnerability exists in configuration file handling where credentials are stored without encryption. Local attackers with low privileges can exploit this by reading the configuration file directly from the filesystem. The attack requires no user interaction and has low complexity. Successful exploitation results in confidentiality impact through sensitive information exposure, though integrity and availability impacts are not directly affected per CVSS 3.1 scoring.

Defensive priority

medium

Recommended defensive actions

• Upgrade MXview One Series to version 1.4.1 or later
• Upgrade MXview One Central Manager Series to version 1.0.3 or later
• Minimize network exposure to prevent Internet accessibility
• Change default credentials immediately upon first login
• Review configuration file permissions to restrict unauthorized local access

Evidence notes

The CSAF source identifies two affected product branches: MXview One Series (≤1.4.0) and MXview One Central Manager Series (1.0.0). The CVSS 3.1 vector confirms local attack vector with low attack complexity and low privileges required.

Official resources