CVE-2024-6785

Summary

The configuration file stores credentials in cleartext. An attacker with local access rights can read or modify the configuration file, potentially resulting in the service being abused due to sensitive information exposure.

Affected Software

VendorProductVersion RangeStatus
MoxaMXview One Series0 < 1.3.0affected
MoxaMXview One Central Manager Series0 < 1.0.0affected

Weaknesses

  • CWE-313: CWE-313: Cleartext Storage in a File or on Disk

Workarounds

  • Minimize network exposure to ensure the device is not accessible from the Internet.
  • It is highly recommended to change the default credentials immediately upon your first login to the service. This helps enhance security and prevent unauthorized access

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References