Lucene search
HistoryMar 07, 2023 - 5:15 p.m.
CVE-2023-1257
physical access
bios
command line
authentication files
new user
unauthorized access
terminal
CVSS3
6.8
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
7.7
Confidence
High
EPSS
0.001
Percentile
25.9%
An attacker with physical access to the affected Moxa UC Series devices can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the deviceβs authentication files to create a new user and gain full access to the system.
Affected configurations
Node
moxauc-2101-lx_firmwareRange1.3β1.5
moxauc-2101-lxMatch-
Node
moxauc-2102-lx_firmwareRange1.3β1.5
moxauc-2102-lxMatch-
Node
moxauc-2102-t-lx_firmwareRange1.3β1.5
moxauc-2102-t-lxMatch-
Node
moxauc-2104-lx_firmwareRange1.3β1.5
moxauc-2104-lxMatch-
Node
moxauc-2111-lx_firmwareRange1.3β1.5
moxauc-2111-lxMatch-
Node
moxauc-2112-lx_firmwareRange1.3β1.5
moxauc-2112-lxMatch-
Node
moxauc-2114-t-lx_firmwareRange1.3β1.5
ORmoxauc-2114-t-lx_firmwareMatch-
moxauc-2114-t-lxMatch-
Node
moxauc-2116-t-lx_firmwareRange1.3β1.5
moxauc-2116-t-lxMatch-
Node
moxauc-3101-t-ap-lx_firmwareRange1.2β2.0
moxauc-3101-t-ap-lxMatch-
Node
moxauc-3101-t-eu-lx_firmwareRange1.2β2.0
moxauc-3101-t-eu-lxMatch-
Node
moxauc-3101-t-us-lx_firmwareRange1.2β2.0
moxauc-3101-t-us-lxMatch-
Node
moxauc-3111-t-ap-lx_firmwareRange1.2β2.0
moxauc-3111-t-ap-lxMatch-
Node
moxauc-3111-t-ap-lx-nw_firmwareRange1.2β2.0
moxauc-3111-t-ap-lx-nwMatch-
Node
moxauc-3111-t-eu-lx_firmwareRange1.2β2.0
moxauc-3111-t-eu-lxMatch-
Node
moxauc-3111-t-eu-lx-nw_firmwareRange1.2β2.0
moxauc-3111-t-eu-lx-nwMatch-
Node
moxauc-3111-t-us-lx_firmwareRange1.2β2.0
moxauc-3111-t-us-lxMatch-
Node
moxauc-3111-t-us-lx-nw_firmwareRange1.2β2.0
moxauc-3111-t-us-lx-nwMatch-
Node
moxauc-3121-t-ap-lx_firmwareRange1.2β2.0
moxauc-3121-t-ap-lxMatch-
Node
moxauc-3121-t-eu-lx_firmwareRange1.2β2.0
moxauc-3121-t-eu-lxMatch-
Node
moxauc-3121-t-us-lx_firmwareRange1.2β2.0
moxauc-3121-t-us-lxMatch-
Node
moxauc-5101-lx_firmwareMatch1.2
moxauc-5101-lxMatch-
Node
moxauc-5101-t-lx_firmwareMatch1.2
moxauc-5101-t-lxMatch-
Node
moxauc-5102-lx_firmwareMatch1.2
moxauc-5102-lxMatch-
Node
moxauc-5102-t-lx_firmwareMatch1.2
moxauc-5102-t-lxMatch-
Node
moxauc-5111-lx_firmwareMatch1.2
moxauc-5111-lxMatch-
Node
moxauc-5111-t-lx_firmwareMatch1.2
moxauc-5111-t-lxMatch-
Node
moxauc-5112-lx_firmwareMatch1.2
moxauc-5112-lxMatch-
Node
moxauc-5112-t-lx_firmwareMatch1.2
moxauc-5112-t-lxMatch-
Node
moxauc-8112-lx_firmwareMatch1.2
moxauc-8112-lxMatch-
Node
moxauc-8131-lx_firmwareMatch1.2
moxauc-8131-lxMatch-
Node
moxauc-8132-lx_firmwareMatch1.2
moxauc-8132-lxMatch-
Node
moxauc-8162-lx_firmwareMatch1.2
moxauc-8162-lxMatch-
Node
moxauc-8112-me-t-lx_firmwareRange1.0β1.1
moxauc-8112-me-t-lxMatch-
Node
moxauc-8112-me-t-lx1_firmwareRange1.0β1.1
moxauc-8112-me-t-lx1Match-
Node
moxauc-8112a-me-t-lx_firmwareRange1.0β1.1
moxauc-8112a-me-t-lxMatch-
Node
moxauc-8210-t-lx-s_firmwareRange1.0β2.4
moxauc-8210-t-lx-sMatch-
Node
moxauc-8220-t-lx_firmwareRange1.0β2.4
moxauc-8220-t-lxMatch-
Node
moxauc-8220-t-lx-ap-s_firmwareRange1.0β2.4
moxauc-8220-t-lx-ap-sMatch-
Node
moxauc-8220-t-lx-eu-s_firmwareRange1.0β2.4
moxauc-8220-t-lx-eu-sMatch-
Node
moxauc-8220-t-lx-s_firmwareRange1.0β2.4
moxauc-8220-t-lx-sMatch-
Node
moxauc-8220-t-lx-us-s_firmwareRange1.0β2.4
moxauc-8220-t-lx-us-sMatch-
Node
moxauc-8410a-lx_firmwareMatch2.2
moxauc-8410a-lxMatch-
Node
moxauc-8410a-nw-lx_firmwareMatch2.2
moxauc-8410a-nw-lxMatch-
Node
moxauc-8410a-nw-t-lx_firmwareMatch2.2
moxauc-8410a-nw-t-lxMatch-
Node
moxauc-8410a-t-lx_firmwareMatch2.2
moxauc-8410a-t-lxMatch-
Node
moxauc-8540-lx_firmwareRange1.0β1.2
moxauc-8540-lxMatch-
Node
moxauc-8540-t-ct-lx_firmwareRange1.0β1.2
moxauc-8540-t-ct-lxMatch-
Node
moxauc-8540-t-lx_firmwareRange1.0β1.2
moxauc-8540-t-lxMatch-
Node
moxauc-8580-lx_firmwareMatch1.1
moxauc-8580-lxMatch-
Node
moxauc-8580-q-lx_firmwareMatch1.1
moxauc-8580-q-lxMatch-
Node
moxauc-8580-t-ct-lx_firmwareMatch1.1
moxauc-8580-t-ct-lxMatch-
Node
moxauc-8580-t-ct-q-lx_firmwareMatch1.1
moxauc-8580-t-ct-q-lxMatch-
Node
moxauc-8580-t-lx_firmwareMatch1.1
moxauc-8580-t-lxMatch-
Node
moxauc-8580-t-q-lx_firmwareMatch1.1
moxauc-8580-t-q-lxMatch-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| moxa | uc-2101-lx_firmware | * | cpe:2.3:o:moxa:uc-2101-lx_firmware:*:*:*:*:*:*:*:* |
| moxa | uc-2101-lx | - | cpe:2.3:h:moxa:uc-2101-lx:-:*:*:*:*:*:*:* |
| moxa | uc-2102-lx_firmware | * | cpe:2.3:o:moxa:uc-2102-lx_firmware:*:*:*:*:*:*:*:* |
| moxa | uc-2102-lx | - | cpe:2.3:h:moxa:uc-2102-lx:-:*:*:*:*:*:*:* |
| moxa | uc-2102-t-lx_firmware | * | cpe:2.3:o:moxa:uc-2102-t-lx_firmware:*:*:*:*:*:*:*:* |
| moxa | uc-2102-t-lx | - | cpe:2.3:h:moxa:uc-2102-t-lx:-:*:*:*:*:*:*:* |
| moxa | uc-2104-lx_firmware | * | cpe:2.3:o:moxa:uc-2104-lx_firmware:*:*:*:*:*:*:*:* |
| moxa | uc-2104-lx | - | cpe:2.3:h:moxa:uc-2104-lx:-:*:*:*:*:*:*:* |
| moxa | uc-2111-lx_firmware | * | cpe:2.3:o:moxa:uc-2111-lx_firmware:*:*:*:*:*:*:*:* |
| moxa | uc-2111-lx | - | cpe:2.3:h:moxa:uc-2111-lx:-:*:*:*:*:*:*:* |
Related
cve
cve
CVE-2023-1257
2023-03-07 17:15:12
prion
prion
Design/Logic Flaw
2023-03-07 17:15:00
ics
ics
Moxa UC Series (Update A)
2023-02-23 12:00:00
cvelist
cvelist
CVE-2023-1257 CVE-2023-1257
2023-03-07 16:54:21
CVSS3
6.8
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
7.7
Confidence
High
EPSS
0.001
Percentile
25.9%
Related for NVD:CVE-2023-1257