PT-2017-17750 · Moxa · Moxa Mx-Aopc Server

Hyp3Rlinx

Published

2017-04-14

Updated

2017-08-16

CVE-2017-7457

CVSS v3.1

5.0

Medium

Vector

AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Moxa MX-AOPC Server version 1.5

Description The issue allows for remote file disclosure via XML External Entity (XXE) vulnerability through ".AOP" files used by the Moxa MX-AOPC Server.

Recommendations For Moxa MX-AOPC Server version 1.5, update the software to a version that fixes this issue, if available. As a temporary workaround, consider restricting access to the ".AOP" files to minimize the risk of exploitation.

Exploit

Fix

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

CVE-2017-7457

Affected Products

Moxa Mx-Aopc Server

PT-2017-17750 · Moxa · Moxa Mx-Aopc Server

CVE-2017-7457

Weakness Enumeration

Related Identifiers

Affected Products

References · 5