Search criteria
5 vulnerabilities found for UC-3100 Series by MOXA
VAR-202211-1511
Vulnerability from variot - Updated: 2024-08-14 15:32UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v 1.12, UC-3100 System Image: Versions v1.0 to v1.6, UC-5100 System Image: Versions v1.0 to v1.4, UC-8100 System Image: Versions v3.0 to v3.5, UC-8100-ME-T System Image: Versions v3.0 and v3.1, UC-8200 System Image: v1.0 to v1.5, AIG-300 System Image: v1.0 to v1.4, UC-8410A with Debian 9 System Image: Versions v4.0.2 and v4.1.2, UC-8580 with Debian 9 System Image: Versions v2.0 and v2.1, UC-8540 with Debian 9 System Image: Versions v2.0 and v2.1, and DA-662C-16-LX (GLB) System Image: Versions v1.0.2 to v1.1.2 of Moxa's ARM-based computers have an execution with unnecessary privileges vulnerability, which could allow an attacker with user-level privileges to gain root privileges. Moxa Provided by ARM-Based Computers The following vulnerabilities exist in. It was * Improper authority management (CWE-269) - CVE-2022-3088If the vulnerability is exploited, it may be affected as follows. It was * to a general privileged user root Gained authority and full control over the system.
There is a privilege escalation vulnerability in Moxa ARM-Based Computers, attackers can exploit the vulnerability to obtain root privileges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202211-1511",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "uc-8580-lx",
"scope": "eq",
"trust": 1.0,
"vendor": "moxa",
"version": "2.1"
},
{
"model": "aig-301-t-us-azu-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "uc-8410a-nw-t-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.1.2"
},
{
"model": "uc-8540-t-ct-lx",
"scope": "eq",
"trust": 1.0,
"vendor": "moxa",
"version": "2.1"
},
{
"model": "uc-2111-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.2"
},
{
"model": "uc-2116-t-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "uc-3111-t-us-lx-nw",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.6"
},
{
"model": "aig-301-azu-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "uc-2101-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.12"
},
{
"model": "uc-3121-t-us-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "uc-3111-t-ap-lx-nw",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.6"
},
{
"model": "uc-3111-t-us-lx-nw",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "uc-5102-t-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.4"
},
{
"model": "uc-3101-t-us-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.6"
},
{
"model": "uc-3121-t-eu-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.6"
},
{
"model": "da-662c-16-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0.2"
},
{
"model": "uc-3111-t-ap-lx-nw",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "uc-8220-t-lx-s",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "uc-3121-t-eu-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "aig-301-ap-azu-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "uc-8580-lx",
"scope": "eq",
"trust": 1.0,
"vendor": "moxa",
"version": "2.0"
},
{
"model": "uc-8540-t-ct-lx",
"scope": "eq",
"trust": 1.0,
"vendor": "moxa",
"version": "2.0"
},
{
"model": "uc-5112-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "uc-8220-t-lx-eu-s",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.5"
},
{
"model": "uc-8131-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.5"
},
{
"model": "uc-2102-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "aig-301-t-ap-azu-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "uc-8220-t-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.5"
},
{
"model": "uc-2112-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "uc-5112-t-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.4"
},
{
"model": "aig-301-us-azu-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.4"
},
{
"model": "uc-2104-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.2"
},
{
"model": "uc-5101-t-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "uc-8162-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.5"
},
{
"model": "uc-8112-me-t-lx1",
"scope": "eq",
"trust": 1.0,
"vendor": "moxa",
"version": "3.0"
},
{
"model": "uc-8410a-nw-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0.2"
},
{
"model": "uc-2114-t-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "uc-8132-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.5"
},
{
"model": "uc-8112a-me-t-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "uc-8131-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.0"
},
{
"model": "uc-8220-t-lx-ap-s",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "uc-5101-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "uc-2101-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "aig-301-t-cn-azu-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.4"
},
{
"model": "uc-3111-t-eu-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "aig-301-eu-azu-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "uc-8410a-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.1.2"
},
{
"model": "uc-3111-t-eu-lx-nw",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "uc-5111-t-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.4"
},
{
"model": "uc-8112a-me-t-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.6"
},
{
"model": "uc-8220-t-lx-eu-s",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "uc-8580-t-ct-lx",
"scope": "eq",
"trust": 1.0,
"vendor": "moxa",
"version": "2.0"
},
{
"model": "uc-3101-t-ap-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.6"
},
{
"model": "aig-301-t-eu-azu-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.4"
},
{
"model": "uc-8540-t-lx",
"scope": "eq",
"trust": 1.0,
"vendor": "moxa",
"version": "2.1"
},
{
"model": "uc-3111-t-eu-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.6"
},
{
"model": "da-662c-16-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.1.2"
},
{
"model": "uc-3111-t-ap-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "uc-3111-t-eu-lx-nw",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.6"
},
{
"model": "uc-2102-t-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "aig-301-cn-azu-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.4"
},
{
"model": "uc-8580-t-q-lx",
"scope": "eq",
"trust": 1.0,
"vendor": "moxa",
"version": "2.1"
},
{
"model": "uc-3121-t-us-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.6"
},
{
"model": "uc-5112-t-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "uc-3111-t-us-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "uc-8162-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.0"
},
{
"model": "uc-5101-t-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.4"
},
{
"model": "uc-8580-t-lx",
"scope": "eq",
"trust": 1.0,
"vendor": "moxa",
"version": "2.1"
},
{
"model": "uc-3121-t-ap-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.6"
},
{
"model": "uc-8540-t-lx",
"scope": "eq",
"trust": 1.0,
"vendor": "moxa",
"version": "2.0"
},
{
"model": "uc-5101-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.4"
},
{
"model": "uc-5102-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "uc-8220-t-lx-ap-s",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.5"
},
{
"model": "uc-3121-t-ap-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "uc-8410a-t-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.1.2"
},
{
"model": "uc-2114-t-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.2"
},
{
"model": "uc-3101-t-us-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "uc-8112-me-t-lx",
"scope": "eq",
"trust": 1.0,
"vendor": "moxa",
"version": "3.0"
},
{
"model": "uc-2112-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.2"
},
{
"model": "aig-301-t-cn-azu-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "uc-8580-t-q-lx",
"scope": "eq",
"trust": 1.0,
"vendor": "moxa",
"version": "2.0"
},
{
"model": "uc-8580-t-ct-q-lx",
"scope": "eq",
"trust": 1.0,
"vendor": "moxa",
"version": "2.1"
},
{
"model": "uc-8112-me-t-lx1",
"scope": "eq",
"trust": 1.0,
"vendor": "moxa",
"version": "3.1"
},
{
"model": "aig-301-eu-azu-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.4"
},
{
"model": "uc-5111-t-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "uc-8540-lx",
"scope": "eq",
"trust": 1.0,
"vendor": "moxa",
"version": "2.1"
},
{
"model": "uc-8112-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.0"
},
{
"model": "aig-301-t-eu-azu-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "uc-8220-t-lx-us-s",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "aig-301-t-azu-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "uc-8580-t-lx",
"scope": "eq",
"trust": 1.0,
"vendor": "moxa",
"version": "2.0"
},
{
"model": "uc-8580-q-lx",
"scope": "eq",
"trust": 1.0,
"vendor": "moxa",
"version": "2.1"
},
{
"model": "uc-5111-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "uc-3101-t-ap-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "aig-301-cn-azu-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "uc-2111-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "aig-301-t-us-azu-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.4"
},
{
"model": "uc-2102-t-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.2"
},
{
"model": "uc-8410a-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0.2"
},
{
"model": "uc-8580-t-ct-q-lx",
"scope": "eq",
"trust": 1.0,
"vendor": "moxa",
"version": "2.0"
},
{
"model": "uc-5102-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.4"
},
{
"model": "uc-8540-lx",
"scope": "eq",
"trust": 1.0,
"vendor": "moxa",
"version": "2.0"
},
{
"model": "aig-301-ap-azu-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.4"
},
{
"model": "uc-8580-q-lx",
"scope": "eq",
"trust": 1.0,
"vendor": "moxa",
"version": "2.0"
},
{
"model": "aig-301-azu-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.4"
},
{
"model": "uc-2116-t-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.2"
},
{
"model": "uc-8410a-nw-t-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0.2"
},
{
"model": "uc-5111-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.4"
},
{
"model": "uc-8580-t-ct-lx",
"scope": "eq",
"trust": 1.0,
"vendor": "moxa",
"version": "2.1"
},
{
"model": "uc-5102-t-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "uc-8410a-t-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0.2"
},
{
"model": "uc-8112-me-t-lx",
"scope": "eq",
"trust": 1.0,
"vendor": "moxa",
"version": "3.1"
},
{
"model": "uc-3101-t-eu-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "uc-8220-t-lx-s",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.5"
},
{
"model": "uc-5112-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.4"
},
{
"model": "aig-301-t-azu-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.4"
},
{
"model": "aig-301-us-azu-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "uc-3111-t-ap-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.6"
},
{
"model": "uc-8112-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.5"
},
{
"model": "aig-301-t-ap-azu-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.4"
},
{
"model": "uc-8220-t-lx-us-s",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.5"
},
{
"model": "uc-8410a-nw-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.1.2"
},
{
"model": "uc-2104-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "uc-3101-t-eu-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.6"
},
{
"model": "uc-2102-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.2"
},
{
"model": "uc-8220-t-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "uc-3111-t-us-lx",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.6"
},
{
"model": "uc-8132-lx",
"scope": "gte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.0"
},
{
"model": "uc-3100 series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "uc-8100a-me-t series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "uc-8200 series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "da-662c-16-lx series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "uc-8580 series",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "system image v2.0 v2.1"
},
{
"model": "uc-8100 series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "uc-8100-me-t series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "uc-8410a series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "uc-2100 series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "uc-2100-w series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "aig-300 series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "uc-5100 series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "uc-8540 series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "da-662c-16-lx system image",
"scope": "gte",
"trust": 0.6,
"vendor": "moxa",
"version": "1.0.2,\u003c=1.1.2"
},
{
"model": "uc-8540 with debian system image",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "9v2.0"
},
{
"model": "uc-8540 with debian system image",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "9v2.1"
},
{
"model": "uc-8580 with debian system image",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "9v2.0"
},
{
"model": "uc-8580 with debian system image",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "9v2.1"
},
{
"model": "uc-8410a with debian system image",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "9v4.0.2"
},
{
"model": "uc-8410a with debian system image",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "9v4.1.2"
},
{
"model": "aig-300 system image",
"scope": "gte",
"trust": 0.6,
"vendor": "moxa",
"version": "v1.0,\u003c=v1.4"
},
{
"model": "uc-8200 system image",
"scope": "gte",
"trust": 0.6,
"vendor": "moxa",
"version": "v1.0,\u003c=v1.5"
},
{
"model": "uc-8100-me-t system image",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "v3.0"
},
{
"model": "uc-8100-me-t system image",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "v3.1"
},
{
"model": "uc-8100 system image",
"scope": "gte",
"trust": 0.6,
"vendor": "moxa",
"version": "3.0,\u003c=3.5"
},
{
"model": "uc-5100 system image",
"scope": "gte",
"trust": 0.6,
"vendor": "moxa",
"version": "v1.0,\u003c=v1.4"
},
{
"model": "uc-3100 system image",
"scope": "gte",
"trust": 0.6,
"vendor": "moxa",
"version": "1.0,\u003c=1.6"
},
{
"model": "uc-2100-w system image",
"scope": "gte",
"trust": 0.6,
"vendor": "moxa",
"version": "v1.0,\u003c=v1.12"
},
{
"model": "uc-2100 system image",
"scope": "gte",
"trust": 0.6,
"vendor": "moxa",
"version": "v1.0,\u003c=v1.12"
},
{
"model": "uc-8100a-me-t system image",
"scope": "gte",
"trust": 0.6,
"vendor": "moxa",
"version": "v1.0,\u003c=v1.6"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-86385"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002764"
},
{
"db": "NVD",
"id": "CVE-2022-3088"
}
]
},
"cve": "CVE-2022-3088",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2022-86385",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-3088",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-3088",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-3088",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2022-3088",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-3088",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2022-86385",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202211-3391",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-86385"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002764"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3391"
},
{
"db": "NVD",
"id": "CVE-2022-3088"
},
{
"db": "NVD",
"id": "CVE-2022-3088"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v 1.12,\u0026nbsp;UC-3100 System Image: Versions v1.0 to v1.6,\u0026nbsp;UC-5100 System Image: Versions v1.0 to v1.4, UC-8100 System Image: Versions v3.0 to v3.5, UC-8100-ME-T System Image: Versions v3.0 and v3.1, UC-8200 System Image: v1.0 to v1.5, AIG-300 System Image: v1.0 to v1.4, UC-8410A with Debian 9 System Image: Versions v4.0.2 and v4.1.2, UC-8580 with Debian 9 System Image: Versions v2.0 and v2.1, UC-8540 with Debian 9 System Image: Versions v2.0 and v2.1, and DA-662C-16-LX (GLB) System Image: Versions v1.0.2 to v1.1.2 of Moxa\u0027s ARM-based computers have an execution with unnecessary privileges vulnerability, which could allow an attacker with user-level privileges to gain root privileges. Moxa Provided by ARM-Based Computers The following vulnerabilities exist in. It was * Improper authority management (CWE-269) - CVE-2022-3088If the vulnerability is exploited, it may be affected as follows. It was * to a general privileged user root Gained authority and full control over the system. \n\r\n\r\nThere is a privilege escalation vulnerability in Moxa ARM-Based Computers, attackers can exploit the vulnerability to obtain root privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-3088"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002764"
},
{
"db": "CNVD",
"id": "CNVD-2022-86385"
},
{
"db": "VULMON",
"id": "CVE-2022-3088"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-3088",
"trust": 3.9
},
{
"db": "ICS CERT",
"id": "ICSA-22-326-05",
"trust": 2.5
},
{
"db": "AUSCERT",
"id": "ESB-2022.6116",
"trust": 1.2
},
{
"db": "JVN",
"id": "JVNVU98565313",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002764",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-86385",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3391",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-3088",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-86385"
},
{
"db": "VULMON",
"id": "CVE-2022-3088"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002764"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3391"
},
{
"db": "NVD",
"id": "CVE-2022-3088"
}
]
},
"id": "VAR-202211-1511",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-86385"
}
],
"trust": 1.5218749974999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-86385"
}
]
},
"last_update_date": "2024-08-14T15:32:24.929000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Arm-based\u00a0Computer\u00a0Improper\u00a0Privilege\u00a0Management\u00a0Vulnerability",
"trust": 0.8,
"url": "https://www.moxa.com/en/support/product-support/security-advisory/moxa-arm-based-computer-improper-privilege-management-vulnerability"
},
{
"title": "Patch for MOXA ARM-Based Computers Privilege Escalation Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/366071"
},
{
"title": "MOXA ARM-Based Computers Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=216086"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-86385"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002764"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3391"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-250",
"trust": 1.0
},
{
"problemtype": "CWE-269",
"trust": 1.0
},
{
"problemtype": "Improper authority management (CWE-269) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002764"
},
{
"db": "NVD",
"id": "CVE-2022-3088"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-05"
},
{
"trust": 1.2,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6116"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98565313"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3088"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-3088/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-86385"
},
{
"db": "VULMON",
"id": "CVE-2022-3088"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002764"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3391"
},
{
"db": "NVD",
"id": "CVE-2022-3088"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-86385"
},
{
"db": "VULMON",
"id": "CVE-2022-3088"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002764"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3391"
},
{
"db": "NVD",
"id": "CVE-2022-3088"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-86385"
},
{
"date": "2022-11-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-002764"
},
{
"date": "2022-11-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202211-3391"
},
{
"date": "2022-11-28T22:15:10.783000",
"db": "NVD",
"id": "CVE-2022-3088"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-86385"
},
{
"date": "2024-06-06T08:32:00",
"db": "JVNDB",
"id": "JVNDB-2022-002764"
},
{
"date": "2022-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202211-3391"
},
{
"date": "2022-12-07T20:15:11.197000",
"db": "NVD",
"id": "CVE-2022-3088"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202211-3391"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa\u00a0 Made \u00a0ARM-Based\u00a0Computers\u00a0 Improper Privilege Management Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002764"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202211-3391"
}
],
"trust": 0.6
}
}
CVE-2023-1257 (GCVE-0-2023-1257)
Vulnerability from nvd – Published: 2023-03-07 16:54 – Updated: 2025-01-16 21:55
VLAI?
Title
CVE-2023-1257
Summary
An attacker with physical access to the affected Moxa UC Series devices can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the device’s authentication files to create a new user and gain full access to the system.
Severity ?
7.6 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| MOXA | UC-8580 Series |
Affected:
V1.1
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:59.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-04"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1257",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T20:31:37.359721Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:55:20.265Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "UC-8580 Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V1.1"
}
]
},
{
"product": "UC-8540 Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V1.0 to V1.2"
}
]
},
{
"product": "UC-8410A Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V2.2"
}
]
},
{
"product": "UC-8200 Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V1.0 to V2.4"
}
]
},
{
"product": "UC-8100A-ME-T Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V1.0 to V1.1"
}
]
},
{
"product": "UC-8100 Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V1.2"
}
]
},
{
"product": "UC-5100 Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V1.2"
}
]
},
{
"product": "UC-3100 Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V1.2 to V2.0"
}
]
},
{
"product": "UC-2100 Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V1.3 to V1.5"
}
]
},
{
"product": "UC-2100-W Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V1.3 to V1.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An attacker with physical access to the affected Moxa UC Series devices can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the device\u2019s authentication files to create a new user and gain full access to the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-1263",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-07T16:54:21.053Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-04"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2023-1257",
"x_generator": {
"engine": "VINCE 2.0.6",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2023-1257"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-1257",
"datePublished": "2023-03-07T16:54:21.053Z",
"dateReserved": "2023-03-07T16:16:20.728Z",
"dateUpdated": "2025-01-16T21:55:20.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1257 (GCVE-0-2023-1257)
Vulnerability from cvelistv5 – Published: 2023-03-07 16:54 – Updated: 2025-01-16 21:55
VLAI?
Title
CVE-2023-1257
Summary
An attacker with physical access to the affected Moxa UC Series devices can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the device’s authentication files to create a new user and gain full access to the system.
Severity ?
7.6 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| MOXA | UC-8580 Series |
Affected:
V1.1
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:59.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-04"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1257",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T20:31:37.359721Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:55:20.265Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "UC-8580 Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V1.1"
}
]
},
{
"product": "UC-8540 Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V1.0 to V1.2"
}
]
},
{
"product": "UC-8410A Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V2.2"
}
]
},
{
"product": "UC-8200 Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V1.0 to V2.4"
}
]
},
{
"product": "UC-8100A-ME-T Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V1.0 to V1.1"
}
]
},
{
"product": "UC-8100 Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V1.2"
}
]
},
{
"product": "UC-5100 Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V1.2"
}
]
},
{
"product": "UC-3100 Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V1.2 to V2.0"
}
]
},
{
"product": "UC-2100 Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V1.3 to V1.5"
}
]
},
{
"product": "UC-2100-W Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V1.3 to V1.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An attacker with physical access to the affected Moxa UC Series devices can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the device\u2019s authentication files to create a new user and gain full access to the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-1263",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-07T16:54:21.053Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-04"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2023-1257",
"x_generator": {
"engine": "VINCE 2.0.6",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2023-1257"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-1257",
"datePublished": "2023-03-07T16:54:21.053Z",
"dateReserved": "2023-03-07T16:16:20.728Z",
"dateUpdated": "2025-01-16T21:55:20.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CERTFR-2022-AVI-1045
Vulnerability from certfr_avis - Published: 2022-11-22 - Updated: 2022-11-22
Une vulnérabilité a été découverte dans les produits Moxa. Elle permet à un attaquant de provoquer une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Moxa | UC-3100 Series | UC-3100 Series versions v1.0 à v1.6 sans le paquet moxa-version_1.3.3+deb9_armhf.deb | ||
| Moxa | N/A | UC-5100 Series versions v1.0 à v1.4 sans le paquet moxa-version_1.3.3+deb9_armhf.deb | ||
| Moxa | N/A | UC-2100-W Series versions v1.0 à v1.12 sans le paquet moxa-version_1.3.3+deb9_armhf.deb | ||
| Moxa | UC-8100A-ME-T Series | UC-8100A-ME-T Series versions v1.0 à v1.6 sans le paquet moxa-version_1.3.3+deb9_armhf.deb | ||
| Moxa | N/A | AIG-300 Series versions v1.0 à v1.4 sans la dernière version de ThingsPro Proxy | ||
| Moxa | N/A | UC-8100-ME-T Series versions v3.0 et v3.1 sans le paquet moxa-version_1.3.3+deb9_armhf.deb | ||
| Moxa | UC-8100 Series | UC-8100 Series versions v3.0 à v3.5 sans le paquet moxa-version_1.3.3+deb9_armhf.deb | ||
| Moxa | UC-8580 Series | UC-8580 Series (avec Debian 9) versions v2.0 et v2.1 sans le paquet moxa-version_1.3.3+deb9_armhf.deb | ||
| Moxa | UC-8410A Series | UC-8410A Series (avec Debian 9) versions v4.0.2 et v4.1.2 sans le paquet moxa-version_1.3.3+deb9_armhf.deb | ||
| Moxa | UC-2100 Series | UC-2100 Series versions v1.0 à v1.12 sans le paquet moxa-version_1.3.3+deb9_armhf.deb | ||
| Moxa | N/A | DA-662C-16-LX Series (GLB) versions v1.0.2 à 1.1.2 sans le paquet moxa-version_1.3.3+deb9_armhf.deb | ||
| Moxa | UC-8540 Series | UC-8540 Series (avec Debian 9) versions v2.0 et v2.1 sans le paquet moxa-version_1.3.3+deb9_armhf.deb | ||
| Moxa | UC-8200 Series | UC-8200 Series versions v1.0 à v1.5 sans le paquet moxa-version_1.3.3+deb9_armhf.deb |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "UC-3100 Series versions v1.0 \u00e0 v1.6 sans le paquet moxa-version_1.3.3+deb9_armhf.deb",
"product": {
"name": "UC-3100 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "UC-5100 Series versions v1.0 \u00e0 v1.4 sans le paquet moxa-version_1.3.3+deb9_armhf.deb",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "UC-2100-W Series versions v1.0 \u00e0 v1.12 sans le paquet moxa-version_1.3.3+deb9_armhf.deb",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "UC-8100A-ME-T Series versions v1.0 \u00e0 v1.6 sans le paquet moxa-version_1.3.3+deb9_armhf.deb",
"product": {
"name": "UC-8100A-ME-T Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "AIG-300 Series versions v1.0 \u00e0 v1.4 sans la derni\u00e8re version de ThingsPro Proxy",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "UC-8100-ME-T Series versions v3.0 et v3.1 sans le paquet moxa-version_1.3.3+deb9_armhf.deb",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "UC-8100 Series versions v3.0 \u00e0 v3.5 sans le paquet moxa-version_1.3.3+deb9_armhf.deb",
"product": {
"name": "UC-8100 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "UC-8580 Series (avec Debian 9) versions v2.0 et v2.1 sans le paquet moxa-version_1.3.3+deb9_armhf.deb",
"product": {
"name": "UC-8580 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "UC-8410A Series (avec Debian 9) versions v4.0.2 et v4.1.2 sans le paquet moxa-version_1.3.3+deb9_armhf.deb",
"product": {
"name": "UC-8410A Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "UC-2100 Series versions v1.0 \u00e0 v1.12 sans le paquet moxa-version_1.3.3+deb9_armhf.deb",
"product": {
"name": "UC-2100 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "DA-662C-16-LX Series (GLB) versions v1.0.2 \u00e0 1.1.2 sans le paquet moxa-version_1.3.3+deb9_armhf.deb",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "UC-8540 Series (avec Debian 9) versions v2.0 et v2.1 sans le paquet moxa-version_1.3.3+deb9_armhf.deb",
"product": {
"name": "UC-8540 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "UC-8200 Series versions v1.0 \u00e0 v1.5 sans le paquet moxa-version_1.3.3+deb9_armhf.deb",
"product": {
"name": "UC-8200 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-3088",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3088"
}
],
"initial_release_date": "2022-11-22T00:00:00",
"last_revision_date": "2022-11-22T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-1045",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-11-22T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Moxa. Elle permet \u00e0\nun attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Moxa",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moxa du 22 novembre 2022",
"url": "https://www.moxa.com/en/support/product-support/security-advisory/arm-based-computer-improper-privilege-management-vulnerability"
}
]
}
CERTFR-2021-AVI-127
Vulnerability from certfr_avis - Published: 2021-02-17 - Updated: 2021-02-17
Une vulnérabilité a été découverte dans les produits Moxa. Elle permet à un attaquant de provoquer une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Moxa | MPC-2120 Series | MPC-2120 Series DA | ||
| Moxa | DA-682C Series | DA-682C Series DA | ||
| Moxa | UC-3100 Series | UC-3100 Series DA | ||
| Moxa | N/A | V2426A Series DA | ||
| Moxa | N/A | V2416A Series DA | ||
| Moxa | DA-681A Series | DA-681A Series DA | ||
| Moxa | UC-8410A Series | UC-8410A Series DA | ||
| Moxa | DA-820C Series | DA-820C Series DA | ||
| Moxa | MPC-2070 Series | MPC-2070 Series DA | ||
| Moxa | UC-2100 Series | UC-2100 Series DA | ||
| Moxa | DA-720 Series | DA-720 Series DA | ||
| Moxa | MPC-2121 Series | MPC-2121 Series DA | ||
| Moxa | DA-681C Series | DA-681C Series DA | ||
| Moxa | V2201 Series | V2201 Series DA | ||
| Moxa | UC-8200 Series | UC-8200 Series DA | ||
| Moxa | N/A | V2406A Series DA | ||
| Moxa | N/A | V2403 Series DA | ||
| Moxa | MPC-2101 Series | MPC-2101 Series DA | ||
| Moxa | N/A | UC-5100 Series DA | ||
| Moxa | V2406C Series | V2406C Series DA | ||
| Moxa | UC-8540 Series | UC-8540 Series DA | ||
| Moxa | N/A | UC-2100-W Series DA | ||
| Moxa | N/A | MC-1200 Series DA | ||
| Moxa | UC-8100A-ME-T Series | UC-8100A-ME-T Series DA | ||
| Moxa | UC-8100 Series | UC-8100 Series DA | ||
| Moxa | ioThinx 4530 Series | ioThinx 4530 Series DA | ||
| Moxa | N/A | V2616A Series DA | ||
| Moxa | UC-8580 Series | UC-8580 Series DA | ||
| Moxa | MC-1100 Series | MC-1100 Series DA | ||
| Moxa | N/A | UC-8100-ME-T Series DA |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MPC-2120 Series DA",
"product": {
"name": "MPC-2120 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "DA-682C Series DA",
"product": {
"name": "DA-682C Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "UC-3100 Series DA",
"product": {
"name": "UC-3100 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "V2426A Series DA",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "V2416A Series DA",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "DA-681A Series DA",
"product": {
"name": "DA-681A Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "UC-8410A Series DA",
"product": {
"name": "UC-8410A Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "DA-820C Series DA",
"product": {
"name": "DA-820C Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "MPC-2070 Series DA",
"product": {
"name": "MPC-2070 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "UC-2100 Series DA",
"product": {
"name": "UC-2100 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "DA-720 Series DA",
"product": {
"name": "DA-720 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "MPC-2121 Series DA",
"product": {
"name": "MPC-2121 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "DA-681C Series DA",
"product": {
"name": "DA-681C Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "V2201 Series DA",
"product": {
"name": "V2201 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "UC-8200 Series DA",
"product": {
"name": "UC-8200 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "V2406A Series DA",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "V2403 Series DA",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "MPC-2101 Series DA",
"product": {
"name": "MPC-2101 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "UC-5100 Series DA",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "V2406C Series DA",
"product": {
"name": "V2406C Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "UC-8540 Series DA",
"product": {
"name": "UC-8540 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "UC-2100-W Series DA",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "MC-1200 Series DA",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "UC-8100A-ME-T Series DA",
"product": {
"name": "UC-8100A-ME-T Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "UC-8100 Series DA",
"product": {
"name": "UC-8100 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "ioThinx 4530 Series DA",
"product": {
"name": "ioThinx 4530 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "V2616A Series DA",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "UC-8580 Series DA",
"product": {
"name": "UC-8580 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "MC-1100 Series DA",
"product": {
"name": "MC-1100 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "UC-8100-ME-T Series DA",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-3156",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3156"
}
],
"initial_release_date": "2021-02-17T00:00:00",
"last_revision_date": "2021-02-17T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-127",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-02-17T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Moxa. Elle permet \u00e0\nun attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Moxa",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moxa cve-2021-3156 du 17 f\u00e9vrier 2021",
"url": "https://www.moxa.com/en/support/product-support/security-advisory/moxa-response-regarding-sudo-heap-based-buffer-overflow-vulnerability-cve-2021-3156"
}
]
}