Search
Find a vulnerability
Search criteria
4 vulnerabilities found for uc-8220-t-lx-s_firmware by moxa
CVE-2023-1257 (GCVE-0-2023-1257)
Vulnerability from nvd – Published: 2023-03-07 16:54 – Updated: 2025-01-16 21:55
VLAI
Title
CVE-2023-1257
Summary
An attacker with physical access to the affected Moxa UC Series devices can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the device’s authentication files to create a new user and gain full access to the system.
Severity
7.6 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
Impacted products
10 products
| Vendor | Product | Version | |
|---|---|---|---|
| MOXA | UC-8580 Series |
Affected:
V1.1
|
|
| MOXA | UC-8540 Series |
Affected:
V1.0 to V1.2
|
|
| MOXA | UC-8410A Series |
Affected:
V2.2
|
|
| MOXA | UC-8200 Series |
Affected:
V1.0 to V2.4
|
|
| MOXA | UC-8100A-ME-T Series |
Affected:
V1.0 to V1.1
|
|
| MOXA | UC-8100 Series |
Affected:
V1.2
|
|
| MOXA | UC-5100 Series |
Affected:
V1.2
|
|
| MOXA | UC-3100 Series |
Affected:
V1.2 to V2.0
|
|
| MOXA | UC-2100 Series |
Affected:
V1.3 to V1.5
|
|
| MOXA | UC-2100-W Series |
Affected:
V1.3 to V1.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:59.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-04"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1257",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T20:31:37.359721Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:55:20.265Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "UC-8580 Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V1.1"
}
]
},
{
"product": "UC-8540 Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V1.0 to V1.2"
}
]
},
{
"product": "UC-8410A Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V2.2"
}
]
},
{
"product": "UC-8200 Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V1.0 to V2.4"
}
]
},
{
"product": "UC-8100A-ME-T Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V1.0 to V1.1"
}
]
},
{
"product": "UC-8100 Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V1.2"
}
]
},
{
"product": "UC-5100 Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V1.2"
}
]
},
{
"product": "UC-3100 Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V1.2 to V2.0"
}
]
},
{
"product": "UC-2100 Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V1.3 to V1.5"
}
]
},
{
"product": "UC-2100-W Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V1.3 to V1.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An attacker with physical access to the affected Moxa UC Series devices can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the device\u2019s authentication files to create a new user and gain full access to the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-1263",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-07T16:54:21.053Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-04"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2023-1257",
"x_generator": {
"engine": "VINCE 2.0.6",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2023-1257"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-1257",
"datePublished": "2023-03-07T16:54:21.053Z",
"dateReserved": "2023-03-07T16:16:20.728Z",
"dateUpdated": "2025-01-16T21:55:20.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3088 (GCVE-0-2022-3088)
Vulnerability from nvd – Published: 2022-11-22 00:00 – Updated: 2025-04-16 17:42
VLAI
Summary
UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v 1.12, UC-3100 System Image: Versions v1.0 to v1.6, UC-5100 System Image: Versions v1.0 to v1.4, UC-8100 System Image: Versions v3.0 to v3.5, UC-8100-ME-T System Image: Versions v3.0 and v3.1, UC-8200 System Image: v1.0 to v1.5, AIG-300 System Image: v1.0 to v1.4, UC-8410A with Debian 9 System Image: Versions v4.0.2 and v4.1.2, UC-8580 with Debian 9 System Image: Versions v2.0 and v2.1, UC-8540 with Debian 9 System Image: Versions v2.0 and v2.1, and DA-662C-16-LX (GLB) System Image: Versions v1.0.2 to v1.1.2 of Moxa's ARM-based computers have an execution with unnecessary privileges vulnerability, which could allow an attacker with user-level privileges to gain root privileges.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-250 - Execution with Unnecessary Privileges
Assigner
References
1 reference
Impacted products
13 products
| Vendor | Product | Version | |
|---|---|---|---|
| Moxa | UC-8100A-ME-T System Imaage |
Affected:
1.0 , ≤ 1.6
(custom)
|
|
| Moxa | UC-2100 System Image |
Affected:
1.0 , ≤ 1.12
(custom)
|
|
| Moxa | UC-2100-W System Image |
Affected:
1.0 , ≤ 1.12
(custom)
|
|
| Moxa | UC-3100 System Image |
Affected:
1.0 , ≤ 1.6
(custom)
|
|
| Moxa | UC-5100 System Image |
Affected:
1.0 , ≤ 1.4
(custom)
|
|
| Moxa | UC-8100 System Image |
Affected:
3.0 , ≤ 3.5
(custom)
|
|
| Moxa | UC-8100-ME-T System Image |
Affected:
3.0 , ≤ 3.1
(custom)
|
|
| Moxa | UC-8200 System Image |
Affected:
1.0 , ≤ 1.5
(custom)
|
|
| Moxa | AIG-300 System Image |
Affected:
1.0 , ≤ 1.4
(custom)
|
|
| Moxa | UC-8410A with Debian 9 System Image |
Affected:
4.0.2 and 4.1.2
|
|
| Moxa | UC-8580 with Debian 9 System Image |
Affected:
2.0 and 2.1
|
|
| Moxa | UC-8540 with Debian 9 System Image |
Affected:
2.0 and 2.1
|
|
| Moxa | DA-662C-16-LX (GLB) System Image |
Affected:
1.0.2 , ≤ 1.1.2
(custom)
|
Date Public
2022-11-22 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.008Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-05"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3088",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:25:51.797778Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:42:25.272Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "UC-8100A-ME-T System Imaage",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.6",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"product": "UC-2100 System Image",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"product": "UC-2100-W System Image",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"product": "UC-3100 System Image",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.6",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"product": "UC-5100 System Image",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"product": "UC-8100 System Image",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.5",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"product": "UC-8100-ME-T System Image",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.1",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"product": "UC-8200 System Image",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"product": "AIG-300 System Image",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"product": "UC-8410A with Debian 9 System Image",
"vendor": "Moxa",
"versions": [
{
"status": "affected",
"version": "4.0.2 and 4.1.2"
}
]
},
{
"product": "UC-8580 with Debian 9 System Image",
"vendor": "Moxa",
"versions": [
{
"status": "affected",
"version": "2.0 and 2.1"
}
]
},
{
"product": "UC-8540 with Debian 9 System Image",
"vendor": "Moxa",
"versions": [
{
"status": "affected",
"version": "2.0 and 2.1"
}
]
},
{
"product": "DA-662C-16-LX (GLB) System Image",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.1.2",
"status": "affected",
"version": "1.0.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "En Garde ICSRange research team reported this vulnerability to CISA. "
}
],
"datePublic": "2022-11-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v 1.12,\u0026nbsp;UC-3100 System Image: Versions v1.0 to v1.6,\u0026nbsp;UC-5100 System Image: Versions v1.0 to v1.4, UC-8100 System Image: Versions v3.0 to v3.5, UC-8100-ME-T System Image: Versions v3.0 and v3.1, UC-8200 System Image: v1.0 to v1.5, AIG-300 System Image: v1.0 to v1.4, UC-8410A with Debian 9 System Image: Versions v4.0.2 and v4.1.2, UC-8580 with Debian 9 System Image: Versions v2.0 and v2.1, UC-8540 with Debian 9 System Image: Versions v2.0 and v2.1, and DA-662C-16-LX (GLB) System Image: Versions v1.0.2 to v1.1.2 of Moxa\u0027s ARM-based computers have an execution with unnecessary privileges vulnerability, which could allow an attacker with user-level privileges to gain root privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-07T00:00:00.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-05"
}
],
"solutions": [
{
"lang": "en",
"value": "Moxa developed updates to address this vulnerability. Users should follow the instructions in Moxa\u0027s security advisory to update their system image. "
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-3088",
"datePublished": "2022-11-22T00:00:00.000Z",
"dateReserved": "2022-09-01T00:00:00.000Z",
"dateUpdated": "2025-04-16T17:42:25.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1257 (GCVE-0-2023-1257)
Vulnerability from cvelistv5 – Published: 2023-03-07 16:54 – Updated: 2025-01-16 21:55
VLAI
Title
CVE-2023-1257
Summary
An attacker with physical access to the affected Moxa UC Series devices can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the device’s authentication files to create a new user and gain full access to the system.
Severity
7.6 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
Impacted products
10 products
| Vendor | Product | Version | |
|---|---|---|---|
| MOXA | UC-8580 Series |
Affected:
V1.1
|
|
| MOXA | UC-8540 Series |
Affected:
V1.0 to V1.2
|
|
| MOXA | UC-8410A Series |
Affected:
V2.2
|
|
| MOXA | UC-8200 Series |
Affected:
V1.0 to V2.4
|
|
| MOXA | UC-8100A-ME-T Series |
Affected:
V1.0 to V1.1
|
|
| MOXA | UC-8100 Series |
Affected:
V1.2
|
|
| MOXA | UC-5100 Series |
Affected:
V1.2
|
|
| MOXA | UC-3100 Series |
Affected:
V1.2 to V2.0
|
|
| MOXA | UC-2100 Series |
Affected:
V1.3 to V1.5
|
|
| MOXA | UC-2100-W Series |
Affected:
V1.3 to V1.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:59.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-04"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1257",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T20:31:37.359721Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:55:20.265Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "UC-8580 Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V1.1"
}
]
},
{
"product": "UC-8540 Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V1.0 to V1.2"
}
]
},
{
"product": "UC-8410A Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V2.2"
}
]
},
{
"product": "UC-8200 Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V1.0 to V2.4"
}
]
},
{
"product": "UC-8100A-ME-T Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V1.0 to V1.1"
}
]
},
{
"product": "UC-8100 Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V1.2"
}
]
},
{
"product": "UC-5100 Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V1.2"
}
]
},
{
"product": "UC-3100 Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V1.2 to V2.0"
}
]
},
{
"product": "UC-2100 Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V1.3 to V1.5"
}
]
},
{
"product": "UC-2100-W Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V1.3 to V1.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An attacker with physical access to the affected Moxa UC Series devices can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the device\u2019s authentication files to create a new user and gain full access to the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-1263",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-07T16:54:21.053Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-04"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2023-1257",
"x_generator": {
"engine": "VINCE 2.0.6",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2023-1257"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-1257",
"datePublished": "2023-03-07T16:54:21.053Z",
"dateReserved": "2023-03-07T16:16:20.728Z",
"dateUpdated": "2025-01-16T21:55:20.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3088 (GCVE-0-2022-3088)
Vulnerability from cvelistv5 – Published: 2022-11-22 00:00 – Updated: 2025-04-16 17:42
VLAI
Summary
UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v 1.12, UC-3100 System Image: Versions v1.0 to v1.6, UC-5100 System Image: Versions v1.0 to v1.4, UC-8100 System Image: Versions v3.0 to v3.5, UC-8100-ME-T System Image: Versions v3.0 and v3.1, UC-8200 System Image: v1.0 to v1.5, AIG-300 System Image: v1.0 to v1.4, UC-8410A with Debian 9 System Image: Versions v4.0.2 and v4.1.2, UC-8580 with Debian 9 System Image: Versions v2.0 and v2.1, UC-8540 with Debian 9 System Image: Versions v2.0 and v2.1, and DA-662C-16-LX (GLB) System Image: Versions v1.0.2 to v1.1.2 of Moxa's ARM-based computers have an execution with unnecessary privileges vulnerability, which could allow an attacker with user-level privileges to gain root privileges.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-250 - Execution with Unnecessary Privileges
Assigner
References
1 reference
Impacted products
13 products
| Vendor | Product | Version | |
|---|---|---|---|
| Moxa | UC-8100A-ME-T System Imaage |
Affected:
1.0 , ≤ 1.6
(custom)
|
|
| Moxa | UC-2100 System Image |
Affected:
1.0 , ≤ 1.12
(custom)
|
|
| Moxa | UC-2100-W System Image |
Affected:
1.0 , ≤ 1.12
(custom)
|
|
| Moxa | UC-3100 System Image |
Affected:
1.0 , ≤ 1.6
(custom)
|
|
| Moxa | UC-5100 System Image |
Affected:
1.0 , ≤ 1.4
(custom)
|
|
| Moxa | UC-8100 System Image |
Affected:
3.0 , ≤ 3.5
(custom)
|
|
| Moxa | UC-8100-ME-T System Image |
Affected:
3.0 , ≤ 3.1
(custom)
|
|
| Moxa | UC-8200 System Image |
Affected:
1.0 , ≤ 1.5
(custom)
|
|
| Moxa | AIG-300 System Image |
Affected:
1.0 , ≤ 1.4
(custom)
|
|
| Moxa | UC-8410A with Debian 9 System Image |
Affected:
4.0.2 and 4.1.2
|
|
| Moxa | UC-8580 with Debian 9 System Image |
Affected:
2.0 and 2.1
|
|
| Moxa | UC-8540 with Debian 9 System Image |
Affected:
2.0 and 2.1
|
|
| Moxa | DA-662C-16-LX (GLB) System Image |
Affected:
1.0.2 , ≤ 1.1.2
(custom)
|
Date Public
2022-11-22 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.008Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-05"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3088",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:25:51.797778Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:42:25.272Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "UC-8100A-ME-T System Imaage",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.6",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"product": "UC-2100 System Image",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"product": "UC-2100-W System Image",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"product": "UC-3100 System Image",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.6",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"product": "UC-5100 System Image",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"product": "UC-8100 System Image",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.5",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"product": "UC-8100-ME-T System Image",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.1",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"product": "UC-8200 System Image",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"product": "AIG-300 System Image",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"product": "UC-8410A with Debian 9 System Image",
"vendor": "Moxa",
"versions": [
{
"status": "affected",
"version": "4.0.2 and 4.1.2"
}
]
},
{
"product": "UC-8580 with Debian 9 System Image",
"vendor": "Moxa",
"versions": [
{
"status": "affected",
"version": "2.0 and 2.1"
}
]
},
{
"product": "UC-8540 with Debian 9 System Image",
"vendor": "Moxa",
"versions": [
{
"status": "affected",
"version": "2.0 and 2.1"
}
]
},
{
"product": "DA-662C-16-LX (GLB) System Image",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.1.2",
"status": "affected",
"version": "1.0.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "En Garde ICSRange research team reported this vulnerability to CISA. "
}
],
"datePublic": "2022-11-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v 1.12,\u0026nbsp;UC-3100 System Image: Versions v1.0 to v1.6,\u0026nbsp;UC-5100 System Image: Versions v1.0 to v1.4, UC-8100 System Image: Versions v3.0 to v3.5, UC-8100-ME-T System Image: Versions v3.0 and v3.1, UC-8200 System Image: v1.0 to v1.5, AIG-300 System Image: v1.0 to v1.4, UC-8410A with Debian 9 System Image: Versions v4.0.2 and v4.1.2, UC-8580 with Debian 9 System Image: Versions v2.0 and v2.1, UC-8540 with Debian 9 System Image: Versions v2.0 and v2.1, and DA-662C-16-LX (GLB) System Image: Versions v1.0.2 to v1.1.2 of Moxa\u0027s ARM-based computers have an execution with unnecessary privileges vulnerability, which could allow an attacker with user-level privileges to gain root privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-07T00:00:00.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-05"
}
],
"solutions": [
{
"lang": "en",
"value": "Moxa developed updates to address this vulnerability. Users should follow the instructions in Moxa\u0027s security advisory to update their system image. "
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-3088",
"datePublished": "2022-11-22T00:00:00.000Z",
"dateReserved": "2022-09-01T00:00:00.000Z",
"dateUpdated": "2025-04-16T17:42:25.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}