MocoEmsys Mpower Product Security Advisory
Overview
MocoMsys has announced vulnerability scans and patch advisories for its products, Mpower EZis-C and Mpower Cloud. users of these products are advised to update to the latest versions.
mpower EZis-C: A document centralization solution that enables integrated management of documents on individual PCs
mpower Cloud: A solution that enables integrated management of documents stored on individual PCs in cloud storage
Affected Products
Mpower EZis-C and Mpower Cloud solutions (all versions)
Resolved Vulnerabilities
Remote code execution vulnerability in Mpower EZis-C and Mpower Cloud Solutions (All Versions)
vulnerability Mitigation
o Action Plan
– Replace the following files with the latest vulnerability patches from the manufacturer
– reqShaReceiveLogFileCns.php, reqShaCbFsReadFileCns.php
o If suspicious file access is confirmed, report the incident
– Check if reqShaReceiveLogFileCns.php and reqShaCbFsReadFileCns.php files are accessed in the product access logs
– Report the incident on the ‘KISA Internet Protection Korea & KrCERT’ website
– Encrypt and compress the folder containing the relevant files for incident investigation and submit the evidence when reporting the incident
Referenced Sites
[1] MocoMsys Mpower product security advisory