Refine your search
3 vulnerabilities found for UC-8100A-ME-T Series by MOXA
CVE-2023-1257 (GCVE-0-2023-1257)
Vulnerability from cvelistv5
Published
2023-03-07 16:54
Modified
2025-01-16 21:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
An attacker with physical access to the affected Moxa UC Series devices can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the device’s authentication files to create a new user and gain full access to the system.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| MOXA | UC-8580 Series |
Version: V1.1 |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:59.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-04"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1257",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T20:31:37.359721Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:55:20.265Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "UC-8580 Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V1.1"
}
]
},
{
"product": "UC-8540 Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V1.0 to V1.2"
}
]
},
{
"product": "UC-8410A Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V2.2"
}
]
},
{
"product": "UC-8200 Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V1.0 to V2.4"
}
]
},
{
"product": "UC-8100A-ME-T Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V1.0 to V1.1"
}
]
},
{
"product": "UC-8100 Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V1.2"
}
]
},
{
"product": "UC-5100 Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V1.2"
}
]
},
{
"product": "UC-3100 Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V1.2 to V2.0"
}
]
},
{
"product": "UC-2100 Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V1.3 to V1.5"
}
]
},
{
"product": "UC-2100-W Series",
"vendor": "MOXA",
"versions": [
{
"status": "affected",
"version": "V1.3 to V1.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An attacker with physical access to the affected Moxa UC Series devices can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the device\u2019s authentication files to create a new user and gain full access to the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-1263",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-07T16:54:21.053Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-04"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2023-1257",
"x_generator": {
"engine": "VINCE 2.0.6",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2023-1257"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-1257",
"datePublished": "2023-03-07T16:54:21.053Z",
"dateReserved": "2023-03-07T16:16:20.728Z",
"dateUpdated": "2025-01-16T21:55:20.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CERTFR-2022-AVI-1045
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans les produits Moxa. Elle permet à un attaquant de provoquer une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Moxa | UC-3100 Series | UC-3100 Series versions v1.0 à v1.6 sans le paquet moxa-version_1.3.3+deb9_armhf.deb | ||
| Moxa | N/A | UC-5100 Series versions v1.0 à v1.4 sans le paquet moxa-version_1.3.3+deb9_armhf.deb | ||
| Moxa | N/A | UC-2100-W Series versions v1.0 à v1.12 sans le paquet moxa-version_1.3.3+deb9_armhf.deb | ||
| Moxa | UC-8100A-ME-T Series | UC-8100A-ME-T Series versions v1.0 à v1.6 sans le paquet moxa-version_1.3.3+deb9_armhf.deb | ||
| Moxa | N/A | AIG-300 Series versions v1.0 à v1.4 sans la dernière version de ThingsPro Proxy | ||
| Moxa | N/A | UC-8100-ME-T Series versions v3.0 et v3.1 sans le paquet moxa-version_1.3.3+deb9_armhf.deb | ||
| Moxa | UC-8100 Series | UC-8100 Series versions v3.0 à v3.5 sans le paquet moxa-version_1.3.3+deb9_armhf.deb | ||
| Moxa | UC-8580 Series | UC-8580 Series (avec Debian 9) versions v2.0 et v2.1 sans le paquet moxa-version_1.3.3+deb9_armhf.deb | ||
| Moxa | UC-8410A Series | UC-8410A Series (avec Debian 9) versions v4.0.2 et v4.1.2 sans le paquet moxa-version_1.3.3+deb9_armhf.deb | ||
| Moxa | UC-2100 Series | UC-2100 Series versions v1.0 à v1.12 sans le paquet moxa-version_1.3.3+deb9_armhf.deb | ||
| Moxa | N/A | DA-662C-16-LX Series (GLB) versions v1.0.2 à 1.1.2 sans le paquet moxa-version_1.3.3+deb9_armhf.deb | ||
| Moxa | UC-8540 Series | UC-8540 Series (avec Debian 9) versions v2.0 et v2.1 sans le paquet moxa-version_1.3.3+deb9_armhf.deb | ||
| Moxa | UC-8200 Series | UC-8200 Series versions v1.0 à v1.5 sans le paquet moxa-version_1.3.3+deb9_armhf.deb |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "UC-3100 Series versions v1.0 \u00e0 v1.6 sans le paquet moxa-version_1.3.3+deb9_armhf.deb",
"product": {
"name": "UC-3100 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "UC-5100 Series versions v1.0 \u00e0 v1.4 sans le paquet moxa-version_1.3.3+deb9_armhf.deb",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "UC-2100-W Series versions v1.0 \u00e0 v1.12 sans le paquet moxa-version_1.3.3+deb9_armhf.deb",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "UC-8100A-ME-T Series versions v1.0 \u00e0 v1.6 sans le paquet moxa-version_1.3.3+deb9_armhf.deb",
"product": {
"name": "UC-8100A-ME-T Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "AIG-300 Series versions v1.0 \u00e0 v1.4 sans la derni\u00e8re version de ThingsPro Proxy",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "UC-8100-ME-T Series versions v3.0 et v3.1 sans le paquet moxa-version_1.3.3+deb9_armhf.deb",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "UC-8100 Series versions v3.0 \u00e0 v3.5 sans le paquet moxa-version_1.3.3+deb9_armhf.deb",
"product": {
"name": "UC-8100 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "UC-8580 Series (avec Debian 9) versions v2.0 et v2.1 sans le paquet moxa-version_1.3.3+deb9_armhf.deb",
"product": {
"name": "UC-8580 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "UC-8410A Series (avec Debian 9) versions v4.0.2 et v4.1.2 sans le paquet moxa-version_1.3.3+deb9_armhf.deb",
"product": {
"name": "UC-8410A Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "UC-2100 Series versions v1.0 \u00e0 v1.12 sans le paquet moxa-version_1.3.3+deb9_armhf.deb",
"product": {
"name": "UC-2100 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "DA-662C-16-LX Series (GLB) versions v1.0.2 \u00e0 1.1.2 sans le paquet moxa-version_1.3.3+deb9_armhf.deb",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "UC-8540 Series (avec Debian 9) versions v2.0 et v2.1 sans le paquet moxa-version_1.3.3+deb9_armhf.deb",
"product": {
"name": "UC-8540 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "UC-8200 Series versions v1.0 \u00e0 v1.5 sans le paquet moxa-version_1.3.3+deb9_armhf.deb",
"product": {
"name": "UC-8200 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-3088",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3088"
}
],
"initial_release_date": "2022-11-22T00:00:00",
"last_revision_date": "2022-11-22T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-1045",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-11-22T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Moxa. Elle permet \u00e0\nun attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Moxa",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moxa du 22 novembre 2022",
"url": "https://www.moxa.com/en/support/product-support/security-advisory/arm-based-computer-improper-privilege-management-vulnerability"
}
]
}
CERTFR-2021-AVI-127
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans les produits Moxa. Elle permet à un attaquant de provoquer une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Moxa | MPC-2120 Series | MPC-2120 Series DA | ||
| Moxa | DA-682C Series | DA-682C Series DA | ||
| Moxa | UC-3100 Series | UC-3100 Series DA | ||
| Moxa | N/A | V2426A Series DA | ||
| Moxa | N/A | V2416A Series DA | ||
| Moxa | DA-681A Series | DA-681A Series DA | ||
| Moxa | UC-8410A Series | UC-8410A Series DA | ||
| Moxa | DA-820C Series | DA-820C Series DA | ||
| Moxa | MPC-2070 Series | MPC-2070 Series DA | ||
| Moxa | UC-2100 Series | UC-2100 Series DA | ||
| Moxa | DA-720 Series | DA-720 Series DA | ||
| Moxa | MPC-2121 Series | MPC-2121 Series DA | ||
| Moxa | DA-681C Series | DA-681C Series DA | ||
| Moxa | V2201 Series | V2201 Series DA | ||
| Moxa | UC-8200 Series | UC-8200 Series DA | ||
| Moxa | N/A | V2406A Series DA | ||
| Moxa | N/A | V2403 Series DA | ||
| Moxa | MPC-2101 Series | MPC-2101 Series DA | ||
| Moxa | N/A | UC-5100 Series DA | ||
| Moxa | V2406C Series | V2406C Series DA | ||
| Moxa | UC-8540 Series | UC-8540 Series DA | ||
| Moxa | N/A | UC-2100-W Series DA | ||
| Moxa | N/A | MC-1200 Series DA | ||
| Moxa | UC-8100A-ME-T Series | UC-8100A-ME-T Series DA | ||
| Moxa | UC-8100 Series | UC-8100 Series DA | ||
| Moxa | ioThinx 4530 Series | ioThinx 4530 Series DA | ||
| Moxa | N/A | V2616A Series DA | ||
| Moxa | UC-8580 Series | UC-8580 Series DA | ||
| Moxa | MC-1100 Series | MC-1100 Series DA | ||
| Moxa | N/A | UC-8100-ME-T Series DA |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MPC-2120 Series DA",
"product": {
"name": "MPC-2120 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "DA-682C Series DA",
"product": {
"name": "DA-682C Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "UC-3100 Series DA",
"product": {
"name": "UC-3100 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "V2426A Series DA",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "V2416A Series DA",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "DA-681A Series DA",
"product": {
"name": "DA-681A Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "UC-8410A Series DA",
"product": {
"name": "UC-8410A Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "DA-820C Series DA",
"product": {
"name": "DA-820C Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "MPC-2070 Series DA",
"product": {
"name": "MPC-2070 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "UC-2100 Series DA",
"product": {
"name": "UC-2100 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "DA-720 Series DA",
"product": {
"name": "DA-720 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "MPC-2121 Series DA",
"product": {
"name": "MPC-2121 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "DA-681C Series DA",
"product": {
"name": "DA-681C Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "V2201 Series DA",
"product": {
"name": "V2201 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "UC-8200 Series DA",
"product": {
"name": "UC-8200 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "V2406A Series DA",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "V2403 Series DA",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "MPC-2101 Series DA",
"product": {
"name": "MPC-2101 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "UC-5100 Series DA",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "V2406C Series DA",
"product": {
"name": "V2406C Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "UC-8540 Series DA",
"product": {
"name": "UC-8540 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "UC-2100-W Series DA",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "MC-1200 Series DA",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "UC-8100A-ME-T Series DA",
"product": {
"name": "UC-8100A-ME-T Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "UC-8100 Series DA",
"product": {
"name": "UC-8100 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "ioThinx 4530 Series DA",
"product": {
"name": "ioThinx 4530 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "V2616A Series DA",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "UC-8580 Series DA",
"product": {
"name": "UC-8580 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "MC-1100 Series DA",
"product": {
"name": "MC-1100 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "UC-8100-ME-T Series DA",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-3156",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3156"
}
],
"initial_release_date": "2021-02-17T00:00:00",
"last_revision_date": "2021-02-17T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-127",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-02-17T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Moxa. Elle permet \u00e0\nun attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Moxa",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moxa cve-2021-3156 du 17 f\u00e9vrier 2021",
"url": "https://www.moxa.com/en/support/product-support/security-advisory/moxa-response-regarding-sudo-heap-based-buffer-overflow-vulnerability-cve-2021-3156"
}
]
}