CVE-2023-1257

6.8MEDIUM

Key Information

Vendor: MOXA
Status: UC-8580 Series; UC-8540 Series; UC-8410A Series; UC-8200 Series
Vendor: CVE Published:; 7 March 2023

Summary

An attacker with physical access to the affected Moxa UC Series devices can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the device’s authentication files to create a new user and gain full access to the system.

Affected Version(s)

UC-8580 Series = V1.1

UC-8540 Series = V1.0 to V1.2

UC-8410A Series = V2.2

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability Reserved.
Mar 7, 2023
Vulnerability published.
Mar 7, 2023

Collectors

NVD DatabaseMitre Database