CVE-2024-6785

5.5 MEDIUM

📋 TL;DR

This vulnerability allows attackers with local access to read or modify configuration files containing cleartext credentials. This affects Moxa MXview One and MXview One Central Manager series products. The exposure of sensitive information could lead to service abuse or further system compromise.

💻 Affected Systems

Products:
  • Moxa MXview One Series
  • Moxa MXview One Central Manager Series
Versions: All versions prior to the patched release
Operating Systems: Not specified in advisory
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default configuration, where credentials are stored in cleartext in configuration files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attacker gains administrative access to the system, modifies configurations to disrupt operations, or uses stolen credentials to pivot to other systems.

🟠 Likely Case

Local user or compromised account reads configuration files to obtain credentials for privilege escalation or lateral movement.

🟢 If Mitigated

Impact is limited to credential exposure; access controls and monitoring prevent successful exploitation.

🌐 Internet-Facing: LOW (requires local access, not directly exploitable over network)
🏢 Internal Only: MEDIUM (requires local access but internal attackers or compromised accounts could exploit)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local file system access to read or modify configuration files.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched versions

Vendor Advisory: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240735-multiple-vulnerabilities-in-mxview-one-and-mxview-one-central-manager-series

Restart Required: Yes

Instructions:

1. Review vendor advisory for affected versions.
2. Download and apply the latest firmware/software update from Moxa.
3. Restart the affected services or systems.
4. Verify credentials are no longer stored in cleartext.

🔧 Temporary Workarounds

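Restrict File Permissions (Linux)

Limit access to configuration files to only necessary users and processes.

# /path/to/config/file is a placeholder for the actual configuration file.
# root:root assumes the service reads the file as root; otherwise use the service account as owner.
chmod 600 /path/to/config/file
chown root:root /path/to/config/file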

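Implement File Integrity Monitoring (Linux)

Monitor configuration files for unauthorized changes.

# -p war logs writes, attribute changes and reads; -k tags events for lookup with ausearch -k config_file_monitor
auditctl -w /path/to/config/file -p war -k config_file_monitor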

🧯 If You Can't Patch

  • Implement strict access controls to limit who can access the system locally
  • Monitor configuration files for unauthorized access or modifications

🔍 How to Verify

Check if Vulnerable:

Check if configuration files contain cleartext credentials using grep or file inspection tools.

Check Version:

Check product version via web interface or system command specific to MXview products

Verify Fix Applied:

Verify configuration files no longer contain cleartext credentials and have proper permissions.
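
The "Check if Vulnerable" and "Verify Fix Applied" steps above can be scripted as one audit; this is an added example, not code from Moxa or the advisory. The credential key names in CRED_KEYS and the function names are assumptions, the match is a heuristic, and matched values are redacted so the audit output does not itself leak secrets.

```shell
#!/bin/sh
# Added example: audit one config file for owner-only permissions and
# cleartext-looking credential assignments.
# Assumption: key names below are illustrative, not taken from the advisory.
CRED_KEYS='password|passwd|secret|token|api_?key'

# Returns 0 when neither group nor other holds any permission bit.
perms_restricted() {
    mode=$(stat -c '%a' "$1") || return 2      # octal mode, e.g. 600 or 644
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Prints one line per suspected cleartext credential, value redacted.
# Empty values and comment lines (# or ;) are ignored.
cleartext_hits() {
    awk -v keys="$CRED_KEYS" '
        /^[ \t]*[#;]/ { next }
        {
            line = tolower($0)
            if (line ~ ("(" keys ")\"?[ \t]*[:=][ \t]*\"?[^ \t\"]")) {
                sub(/[:=].*/, " <value redacted>")   # never echo the secret
                print "line " NR ": " $0
            }
        }' "$1"
}

# Returns 0 only when both checks pass.
audit_config() {
    rc=0
    if ! perms_restricted "$1"; then
        echo "FAIL perms: $1 is accessible beyond its owner"
        rc=1
    fi
    hits=$(cleartext_hits "$1")
    if [ -n "$hits" ]; then
        echo "FAIL cleartext: $1"
        echo "$hits"
        rc=1
    fi
    return $rc
}

# Usage: sh audit.sh /path/to/config/file   (placeholder path, as above)
if [ "$#" -gt 0 ]; then audit_config "$1"; fi
```

A clean result only means no key in CRED_KEYS was matched; credentials stored under other key names still need manual inspection.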

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access to configuration files
  • Failed permission checks on sensitive files

Network Indicators:

  • Not applicable - local file access vulnerability

SIEM Query:

source="*" (file_access AND path="*/config*" AND user!="authorized_user")
