CVE-2024-6787 Moxa CVE debrief

Who should care

Organizations operating Moxa MXview One Series (versions ≤1.4.0) or MXview One Central Manager Series (version 1.0.0) for industrial network infrastructure management. Critical infrastructure operators, manufacturing facilities, and utilities relying on Moxa network management software should prioritize patching.

Technical summary

The vulnerability stems from a TOCTOU (Time-of-Check to Time-of-Use) race condition in file handling operations. An attacker can exploit the timing gap between when a file's properties are checked and when the file is actually used, allowing substitution of malicious files that bypass security checks. Successful exploitation grants arbitrary file write capabilities, which can be chained to achieve code execution or cause data loss. The attack requires network access and low privileges but is mitigated by high attack complexity.

Defensive priority

medium

Recommended defensive actions

• Upgrade MXview One Series to version 1.4.1 or later
• Upgrade MXview One Central Manager Series to version 1.0.3 or later
• Minimize network exposure to ensure affected systems are not accessible from the Internet
• Change default credentials immediately upon first login to prevent unauthorized access
• Apply network segmentation to isolate industrial control system networks from enterprise IT networks
• Monitor for anomalous file system activity on MXview One hosts

Evidence notes

CISA published advisory ICSA-24-268-05 on September 24, 2024, identifying this TOCTOU vulnerability in Moxa's network management software. The advisory specifies affected versions and provides vendor fix guidance.

Official resources