CVE-2023-1257

CVE-2023-1257
6.8MEDIUM

Key Information

Vendor
MOXA
Status
UC-8580 Series
UC-8540 Series
UC-8410A Series
UC-8200 Series
Vendor
CVE Published:
7 March 2023

Summary

An attacker with physical access to the affected Moxa UC Series devices can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the device’s authentication files to create a new user and gain full access to the system.

Affected Version(s)

UC-8580 Series = V1.1

UC-8540 Series = V1.0 to V1.2

UC-8410A Series = V2.2

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability Reserved.

  • Vulnerability published.

Collectors

NVD DatabaseMitre Database
.