Lucene search

[email protected]CVE-2023-1257

HistoryMar 07, 2023 - 5:15 p.m.

CVE-2023-1257

2023-03-0717:15:12

[email protected]

web.nvd.nist.gov

cve-2023-1257

moxa uc series

device security

physical access

bios vulnerability

authentication files

system access

7.6 High

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.1%

JSON

An attacker with physical access to the affected Moxa UC Series devices can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the device’s authentication files to create a new user and gain full access to the system.

Affected configurations

NVD

Node

moxauc-2101-lx_firmwareRange1.3–1.5

AND

moxauc-2101-lxMatch-

Node

moxauc-2102-lx_firmwareRange1.3–1.5

AND

moxauc-2102-lxMatch-

Node

moxauc-2102-t-lx_firmwareRange1.3–1.5

AND

moxauc-2102-t-lxMatch-

Node

moxauc-2104-lx_firmwareRange1.3–1.5

AND

moxauc-2104-lxMatch-

Node

moxauc-2111-lx_firmwareRange1.3–1.5

AND

moxauc-2111-lxMatch-

Node

moxauc-2112-lx_firmwareRange1.3–1.5

AND

moxauc-2112-lxMatch-

Node

moxauc-2114-t-lx_firmwareRange1.3–1.5

moxauc-2114-t-lx_firmwareMatch-

AND

moxauc-2114-t-lxMatch-

Node

moxauc-2116-t-lx_firmwareRange1.3–1.5

AND

moxauc-2116-t-lxMatch-

Node

moxauc-3101-t-ap-lx_firmwareRange1.2–2.0

AND

moxauc-3101-t-ap-lxMatch-

Node

moxauc-3101-t-eu-lx_firmwareRange1.2–2.0

AND

moxauc-3101-t-eu-lxMatch-

Node

moxauc-3101-t-us-lx_firmwareRange1.2–2.0

AND

moxauc-3101-t-us-lxMatch-

Node

moxauc-3111-t-ap-lx_firmwareRange1.2–2.0

AND

moxauc-3111-t-ap-lxMatch-

Node

moxauc-3111-t-ap-lx-nw_firmwareRange1.2–2.0

AND

moxauc-3111-t-ap-lx-nwMatch-

Node

moxauc-3111-t-eu-lx_firmwareRange1.2–2.0

AND

moxauc-3111-t-eu-lxMatch-

Node

moxauc-3111-t-eu-lx-nw_firmwareRange1.2–2.0

AND

moxauc-3111-t-eu-lx-nwMatch-

Node

moxauc-3111-t-us-lx_firmwareRange1.2–2.0

AND

moxauc-3111-t-us-lxMatch-

Node

moxauc-3111-t-us-lx-nw_firmwareRange1.2–2.0

AND

moxauc-3111-t-us-lx-nwMatch-

Node

moxauc-3121-t-ap-lx_firmwareRange1.2–2.0

AND

moxauc-3121-t-ap-lxMatch-

Node

moxauc-3121-t-eu-lx_firmwareRange1.2–2.0

AND

moxauc-3121-t-eu-lxMatch-

Node

moxauc-3121-t-us-lx_firmwareRange1.2–2.0

AND

moxauc-3121-t-us-lxMatch-

Node

moxauc-5101-lx_firmwareMatch1.2

AND

moxauc-5101-lxMatch-

Node

moxauc-5101-t-lx_firmwareMatch1.2

AND

moxauc-5101-t-lxMatch-

Node

moxauc-5102-lx_firmwareMatch1.2

AND

moxauc-5102-lxMatch-

Node

moxauc-5102-t-lx_firmwareMatch1.2

AND

moxauc-5102-t-lxMatch-

Node

moxauc-5111-lx_firmwareMatch1.2

AND

moxauc-5111-lxMatch-

Node

moxauc-5111-t-lx_firmwareMatch1.2

AND

moxauc-5111-t-lxMatch-

Node

moxauc-5112-lx_firmwareMatch1.2

AND

moxauc-5112-lxMatch-

Node

moxauc-5112-t-lx_firmwareMatch1.2

AND

moxauc-5112-t-lxMatch-

Node

moxauc-8112-lx_firmwareMatch1.2

AND

moxauc-8112-lxMatch-

Node

moxauc-8131-lx_firmwareMatch1.2

AND

moxauc-8131-lxMatch-

Node

moxauc-8132-lx_firmwareMatch1.2

AND

moxauc-8132-lxMatch-

Node

moxauc-8162-lx_firmwareMatch1.2

AND

moxauc-8162-lxMatch-

Node

moxauc-8112-me-t-lx_firmwareRange1.0–1.1

AND

moxauc-8112-me-t-lxMatch-

Node

moxauc-8112-me-t-lx1_firmwareRange1.0–1.1

AND

moxauc-8112-me-t-lx1Match-

Node

moxauc-8112a-me-t-lx_firmwareRange1.0–1.1

AND

moxauc-8112a-me-t-lxMatch-

Node

moxauc-8210-t-lx-s_firmwareRange1.0–2.4

AND

moxauc-8210-t-lx-sMatch-

Node

moxauc-8220-t-lx_firmwareRange1.0–2.4

AND

moxauc-8220-t-lxMatch-

Node

moxauc-8220-t-lx-ap-s_firmwareRange1.0–2.4

AND

moxauc-8220-t-lx-ap-sMatch-

Node

moxauc-8220-t-lx-eu-s_firmwareRange1.0–2.4

AND

moxauc-8220-t-lx-eu-sMatch-

Node

moxauc-8220-t-lx-s_firmwareRange1.0–2.4

AND

moxauc-8220-t-lx-sMatch-

Node

moxauc-8220-t-lx-us-s_firmwareRange1.0–2.4

AND

moxauc-8220-t-lx-us-sMatch-

Node

moxauc-8410a-lx_firmwareMatch2.2

AND

moxauc-8410a-lxMatch-

Node

moxauc-8410a-nw-lx_firmwareMatch2.2

AND

moxauc-8410a-nw-lxMatch-

Node

moxauc-8410a-nw-t-lx_firmwareMatch2.2

AND

moxauc-8410a-nw-t-lxMatch-

Node

moxauc-8410a-t-lx_firmwareMatch2.2

AND

moxauc-8410a-t-lxMatch-

Node

moxauc-8540-lx_firmwareRange1.0–1.2

AND

moxauc-8540-lxMatch-

Node

moxauc-8540-t-ct-lx_firmwareRange1.0–1.2

AND

moxauc-8540-t-ct-lxMatch-

Node

moxauc-8540-t-lx_firmwareRange1.0–1.2

AND

moxauc-8540-t-lxMatch-

Node

moxauc-8580-lx_firmwareMatch1.1

AND

moxauc-8580-lxMatch-

Node

moxauc-8580-q-lx_firmwareMatch1.1

AND

moxauc-8580-q-lxMatch-

Node

moxauc-8580-t-ct-lx_firmwareMatch1.1

AND

moxauc-8580-t-ct-lxMatch-

Node

moxauc-8580-t-ct-q-lx_firmwareMatch1.1

AND

moxauc-8580-t-ct-q-lxMatch-

Node

moxauc-8580-t-lx_firmwareMatch1.1

AND

moxauc-8580-t-lxMatch-

Node

moxauc-8580-t-q-lx_firmwareMatch1.1

AND

moxauc-8580-t-q-lxMatch-

CPENameOperatorVersion
moxa:uc-2101-lx_firmwaremoxa uc-2101-lx firmwarele1.5

CPE	Name	Operator	Version
moxa:uc-2101-lx_firmware	moxa uc-2101-lx firmware	le	1.5

CNA Affected

[
  {
    "vendor": "MOXA",
    "product": "UC-8580 Series",
    "versions": [
      {
        "status": "affected",
        "version": "V1.1"
      }
    ]
  },
  {
    "vendor": "MOXA",
    "product": "UC-8540 Series",
    "versions": [
      {
        "status": "affected",
        "version": "V1.0 to V1.2"
      }
    ]
  },
  {
    "vendor": "MOXA",
    "product": "UC-8410A Series",
    "versions": [
      {
        "status": "affected",
        "version": "V2.2"
      }
    ]
  },
  {
    "vendor": "MOXA",
    "product": "UC-8200 Series",
    "versions": [
      {
        "status": "affected",
        "version": "V1.0 to V2.4"
      }
    ]
  },
  {
    "vendor": "MOXA",
    "product": "UC-8100A-ME-T Series",
    "versions": [
      {
        "status": "affected",
        "version": "V1.0 to V1.1"
      }
    ]
  },
  {
    "vendor": "MOXA",
    "product": "UC-8100 Series",
    "versions": [
      {
        "status": "affected",
        "version": "V1.2"
      }
    ]
  },
  {
    "vendor": "MOXA",
    "product": "UC-5100 Series",
    "versions": [
      {
        "status": "affected",
        "version": "V1.2"
      }
    ]
  },
  {
    "vendor": "MOXA",
    "product": "UC-3100 Series",
    "versions": [
      {
        "status": "affected",
        "version": "V1.2 to V2.0"
      }
    ]
  },
  {
    "vendor": "MOXA",
    "product": "UC-2100 Series",
    "versions": [
      {
        "status": "affected",
        "version": "V1.3 to V1.5"
      }
    ]
  },
  {
    "vendor": "MOXA",
    "product": "UC-2100-W Series",
    "versions": [
      {
        "status": "affected",
        "version": "V1.3 to V1.5"
      }
    ]
  }
]

References

www.cisa.gov/uscert/ics/advisories/icsa-22-333-04

7.6 High

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.1%

JSON

Related for CVE-2023-1257

ics1 nvd1 cvelist1 prion1