A collection of five security vulnerabilities with a collective CVSS score of 10 out of 10 threaten critical infrastructure environments that use Moxa MXview. Three of the bugs can be chained together to achieve the aforementioned RCE (CVE-2021-38452), but the others can be used to lift passwords and other sensitive information. The bugs are patched in MXview version 3.2.2, affecting versions 3.x to 3.4.2. MXview software uses the MQTT server to distribute most of its IPC/RPC messages.”]
Source: https://threatpost.com/critical-mqtt-bugs-industrial-rce-moxa/178399/