CVE-2023-1257
7.6
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
An attacker with physical access to the affected Moxa UC Series devices can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the device’s authentication files to create a new user and gain full access to the system.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| MOXA | UC-8580 Series | V1.1 | affected |
| MOXA | UC-8540 Series | V1.0 to V1.2 | affected |
| MOXA | UC-8410A Series | V2.2 | affected |
| MOXA | UC-8200 Series | V1.0 to V2.4 | affected |
| MOXA | UC-8100A-ME-T Series | V1.0 to V1.1 | affected |
| MOXA | UC-8100 Series | V1.2 | affected |
| MOXA | UC-5100 Series | V1.2 | affected |
| MOXA | UC-3100 Series | V1.2 to V2.0 | affected |
| MOXA | UC-2100 Series | V1.3 to V1.5 | affected |
| MOXA | UC-2100-W Series | V1.3 to V1.5 | affected |
Weaknesses
- CWE-1263
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.