CVE-2020-13537

Name of the Vulnerable Software and Affected Versions Moxa MXView version 3.1.8

Description The issue is related to incorrect default permission settings, allowing an attacker to execute arbitrary commands with system user privileges by exploiting a local privilege elevation vulnerability in the file system permissions of Moxa MXView. This can be achieved by adding code to a script or replacing a binary, taking advantage of the MXViewService, which runs as a NT SYSTEM authority user and executes a series of Node.Js scripts to start additional application functionality, including the mosquitto executable.

Recommendations For Moxa MXView version 3.1.8, consider restricting access to the MXViewService and the Node.Js scripts it executes to minimize the risk of exploitation. Additionally, review the file system permissions to ensure they are properly set to prevent unauthorized modifications. At the moment, there is no information about a newer version that contains a fix for this vulnerability.