ID

VAR-201801-0524


CVE

CVE-2017-14030


TITLE

Moxa MXView Vulnerabilities related to unquoted search paths or elements

Trust: 0.8

sources: JVNDB: JVNDB-2017-012100

DESCRIPTION

An issue was discovered in Moxa MXview v2.8 and prior. The unquoted service path escalation vulnerability could allow an authorized user with file access to escalate privileges by inserting arbitrary code into the unquoted service path. Moxa MXView contains vulnerabilities related to unquoted search paths or elements. Information may be obtained or altered, and service operation may be disrupted (DoS). Moxa MXView is Moxa's network management software for the configuration, monitoring and diagnostics of network devices in Industrial Ethernet. A privilege elevation vulnerability exists in Moxa MXview 2.8 and earlier. Moxa MXview is prone to a local privilege-escalation vulnerability. Attackers can exploit this issue to execute arbitrary code with elevated privileges.

Trust: 2.7

sources: NVD: CVE-2017-14030 // JVNDB: JVNDB-2017-012100 // CNVD: CNVD-2018-00906 // BID: 102494 // IVD: e2e155c0-39ab-11e9-acc4-000c29342cb1 // VULHUB: VHN-104712

IOT TAXONOMY

category: ['ICS'] // sub_category: -

Trust: 0.8

sources: IVD: e2e155c0-39ab-11e9-acc4-000c29342cb1 // CNVD: CNVD-2018-00906

AFFECTED PRODUCTS

vendor: moxa // model: mxview // scope: lte // version: 2.8

Trust: 1.8

vendor: moxa // model: mxview // scope: eq // version: 2.8

Trust: 0.9

vendor: moxa // model: mxview // scope: lte // version: <=2.8

Trust: 0.6

vendor: moxa // model: mxview // scope: ne // version: 2.9

Trust: 0.3

vendor: mxview // model: - // scope: eq // version: *

Trust: 0.2

sources: IVD: e2e155c0-39ab-11e9-acc4-000c29342cb1 // CNVD: CNVD-2018-00906 // BID: 102494 // JVNDB: JVNDB-2017-012100 // CNNVD: CNNVD-201708-1245 // NVD: CVE-2017-14030

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-14030
value: HIGH

Trust: 1.0

NVD: CVE-2017-14030
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-00906
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201708-1245
value: HIGH

Trust: 0.6

IVD: e2e155c0-39ab-11e9-acc4-000c29342cb1
value: HIGH

Trust: 0.2

VULHUB: VHN-104712
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-14030
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-00906
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2e155c0-39ab-11e9-acc4-000c29342cb1
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-104712
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-14030
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: e2e155c0-39ab-11e9-acc4-000c29342cb1 // CNVD: CNVD-2018-00906 // VULHUB: VHN-104712 // JVNDB: JVNDB-2017-012100 // CNNVD: CNNVD-201708-1245 // NVD: CVE-2017-14030

PROBLEMTYPE DATA

problemtype:CWE-428

Trust: 1.9

sources: VULHUB: VHN-104712 // JVNDB: JVNDB-2017-012100 // NVD: CVE-2017-14030

THREAT TYPE

local

Trust: 0.9

sources: BID: 102494 // CNNVD: CNNVD-201708-1245

TYPE

Code problem

Trust: 0.8

sources: IVD: e2e155c0-39ab-11e9-acc4-000c29342cb1 // CNNVD: CNNVD-201708-1245

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012100

PATCH

title: MXview // url: https://www.moxa.com/product/MXview.htm

Trust: 0.8

title: Moxa MXview privilege escalation vulnerability patch // url: https://www.cnvd.org.cn/patchInfo/show/113407

Trust: 0.6

title: Moxa MXview Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100008

Trust: 0.6

sources: CNVD: CNVD-2018-00906 // JVNDB: JVNDB-2017-012100 // CNNVD: CNNVD-201708-1245

EXTERNAL IDS

db: NVD // id: CVE-2017-14030

Trust: 3.6

db: ICS CERT // id: ICSA-18-011-02

Trust: 3.4

db: BID // id: 102494

Trust: 2.6

db: CNNVD // id: CNNVD-201708-1245

Trust: 0.9

db: CNVD // id: CNVD-2018-00906

Trust: 0.8

db: JVNDB // id: JVNDB-2017-012100

Trust: 0.8

db: IVD // id: E2E155C0-39AB-11E9-ACC4-000C29342CB1

Trust: 0.2

db: SEEBUG // id: SSVID-99026

Trust: 0.1

db: VULHUB // id: VHN-104712

Trust: 0.1

sources: IVD: e2e155c0-39ab-11e9-acc4-000c29342cb1 // CNVD: CNVD-2018-00906 // VULHUB: VHN-104712 // BID: 102494 // JVNDB: JVNDB-2017-012100 // CNNVD: CNNVD-201708-1245 // NVD: CVE-2017-14030

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-18-011-02

Trust: 3.4

url:http://www.securityfocus.com/bid/102494

Trust: 2.3

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14030

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-14030

Trust: 0.8

url:http://www.moxa.com/

Trust: 0.3

url:https://www.moxa.com/support/sarch_result.aspx?prod_id=622&type_id=6&type=soft

Trust: 0.3

sources: CNVD: CNVD-2018-00906 // VULHUB: VHN-104712 // BID: 102494 // JVNDB: JVNDB-2017-012100 // CNNVD: CNNVD-201708-1245 // NVD: CVE-2017-14030

CREDITS

Karn Ganeshen

Trust: 0.3

sources: BID: 102494

SOURCES

db: IVD // id: e2e155c0-39ab-11e9-acc4-000c29342cb1
db: CNVD // id: CNVD-2018-00906
db: VULHUB // id: VHN-104712
db: BID // id: 102494
db: JVNDB // id: JVNDB-2017-012100
db: CNNVD // id: CNNVD-201708-1245
db: NVD // id: CVE-2017-14030

LAST UPDATE DATE

2024-11-23T22:00:46.971000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2018-00906 // date: 2018-01-15T00:00:00
db: VULHUB // id: VHN-104712 // date: 2019-10-09T00:00:00
db: BID // id: 102494 // date: 2018-01-11T00:00:00
db: JVNDB // id: JVNDB-2017-012100 // date: 2018-02-21T00:00:00
db: CNNVD // id: CNNVD-201708-1245 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2017-14030 // date: 2024-11-21T03:12:00.730

SOURCES RELEASE DATE

db: IVD // id: e2e155c0-39ab-11e9-acc4-000c29342cb1 // date: 2018-01-15T00:00:00
db: CNVD // id: CNVD-2018-00906 // date: 2018-01-15T00:00:00
db: VULHUB // id: VHN-104712 // date: 2018-01-12T00:00:00
db: BID // id: 102494 // date: 2018-01-11T00:00:00
db: JVNDB // id: JVNDB-2017-012100 // date: 2018-02-21T00:00:00
db: CNNVD // id: CNNVD-201708-1245 // date: 2017-08-31T00:00:00
db: NVD // id: CVE-2017-14030 // date: 2018-01-12T20:29:00.213