CVE-2023-1257

Summary

An attacker with physical access to the affected Moxa UC Series devices can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the device’s authentication files to create a new user and gain full access to the system.

Affected Software

VendorProductVersion RangeStatus
MOXAUC-8580 SeriesV1.1affected
MOXAUC-8540 SeriesV1.0 to V1.2affected
MOXAUC-8410A SeriesV2.2affected
MOXAUC-8200 SeriesV1.0 to V2.4affected
MOXAUC-8100A-ME-T SeriesV1.0 to V1.1affected
MOXAUC-8100 SeriesV1.2affected
MOXAUC-5100 SeriesV1.2affected
MOXAUC-3100 SeriesV1.2 to V2.0affected
MOXAUC-2100 SeriesV1.3 to V1.5affected
MOXAUC-2100-W SeriesV1.3 to V1.5affected

Weaknesses

  • CWE-1263

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References