CVE-2017-12729 – CVE-2017-12729 is a SQL injection vulnerability... (How to Fix)

Q: What is the severity of CVE-2017-12729?

CVE-2017-12729 has a CVSS score of 9.8 (CRITICAL). CVE-2017-12729 is a SQL injection vulnerability in Moxa SoftCMS Live Viewer that allows attackers to bypass authentication and gain unauthorized access to the system. This affects organizations using Moxa SoftCMS Live Viewer version 1.6 and earlier for industrial control system monitoring.

📋 TL;DR

CVE-2017-12729 is a SQL injection vulnerability in Moxa SoftCMS Live Viewer that allows attackers to bypass authentication and gain unauthorized access to the system. This affects organizations using Moxa SoftCMS Live Viewer version 1.6 and earlier for industrial control system monitoring.

💻 Affected Systems

Products:

Moxa SoftCMS Live Viewer

Versions: Version 1.6 and earlier

Operating Systems: Windows (based on typical SoftCMS deployment)

Default Config Vulnerable: ⚠️ Yes

Notes: Affects all installations of SoftCMS Live Viewer 1.6 and earlier. The vulnerability is in the authentication mechanism.

📦 What is this software?

Softcms Lab View by Moxa

View all CVEs affecting Softcms Lab View →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the SoftCMS system allowing attackers to gain administrative access, manipulate industrial control data, and potentially disrupt industrial operations.

🟠

Likely Case

Unauthorized access to the SoftCMS interface allowing attackers to view sensitive industrial control data and potentially modify system configurations.

🟢

If Mitigated

Limited impact with proper network segmentation and authentication controls preventing exploitation attempts.

🌐 Internet-Facing: HIGH - SQL injection vulnerabilities are easily exploitable and this allows authentication bypass on internet-facing systems.

🏢 Internal Only: MEDIUM - Still significant risk if internal attackers or compromised internal systems can reach the vulnerable service.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

SQL injection vulnerabilities are well-understood and easily weaponized. The authentication bypass nature makes this particularly dangerous.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 1.7 or later

Vendor Advisory: https://www.moxa.com/en/support/product-support/security-advisory/moxa-softcms-live-viewer-sql-injection-vulnerability

Restart Required: Yes

Instructions:

1. Download SoftCMS Live Viewer version 1.7 or later from Moxa's website. 2. Backup current configuration. 3. Install the updated version. 4. Restart the SoftCMS service. 5. Verify authentication is working properly.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate SoftCMS systems from untrusted networks and internet access

Web Application Firewall

all

Deploy WAF with SQL injection protection rules

🧯 If You Can't Patch

Implement strict network access controls to limit who can reach the SoftCMS interface
Monitor authentication logs for suspicious activity and failed login attempts

🔍 How to Verify

Check if Vulnerable:

Check SoftCMS Live Viewer version in the application interface or installation directory. Versions 1.6 and earlier are vulnerable.

Check Version:

Check the About section in SoftCMS Live Viewer interface or examine the installation directory for version information.

Verify Fix Applied:

Verify version is 1.7 or later and test authentication functionality. Attempt SQL injection payloads should be properly rejected.

📡 Detection & Monitoring

Log Indicators:

Unusual authentication patterns
SQL error messages in application logs
Successful logins from unexpected IP addresses

Network Indicators:

SQL injection patterns in HTTP requests to SoftCMS endpoints
Unusual database queries from the SoftCMS application

SIEM Query:

source="softcms_logs" AND (event="authentication_failure" OR event="sql_error" OR message="%sql%" OR message="%injection%")

📊 Metadata

CVE ID: CVE-2017-12729

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-89

Published: January 18, 2018

Last Updated: November 21, 2024

🔗 References

https://ics-cert.us-cert.gov/advisories/ICSA-17-243-05 Mitigation,Third Party Advisory,US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-17-243-05 Mitigation,Third Party Advisory,US Government Resource

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2017-12729, you might also want to check these: