← back
CVE-2018-18396

CVE-2018-18396

EPSS 2.3%
In short

A vulnerability in Moxa ThingsPro version 2.1 allows attackers to run malicious code remotely on affected devices without proper authentication, potentially taking full control of the system.

Technical detail

CVE-2018-18396 involves a remote code execution flaw in Moxa ThingsPro IIoT Gateway v2.1 accessible over the network without authentication requirements. Exploitation enables arbitrary command execution with the privileges of the affected service, compromising the confidentiality, integrity, and availability of the gateway and connected industrial systems.

Summary generated and translated by AI from the official description.
Remote Code Execution in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
Affected products
Moxa · ThingsPro IIoT Gateway and Device Management Software Solutions

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/10/18/klcert-18-024-moxa-thingspro-iiot-gateway-and-device-management-software-solutions-remote-code-execution/