CVE-2022-3088

high-risk
Published 2022-11-28

UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v1.12, UC-3100 System Image: Versions v1.0 to v1.6, UC-5100 System Image: Versions v1.0 to v1.4, UC-8100 System Image: Versions v3.0 to v3.5, UC-8100-ME-T System Image: Versions v3.0 and v3.1, UC-8200 System Image: v1.0 to v1.5, AIG-300 System Image: v1.0 to v1.4, UC-8410A with Debian 9 System Image: Versions v4.0.2 and v4.1.2, UC-8580 with Debian 9 System Image: Versions v2.0 and v2.1, UC-8540 with Debian 9 System Image: Versions v2.0 and v2.1, and DA-662C-16-LX (GLB) System Image: Versions v1.0.2 to v1.1.2 of Moxa's ARM-based computers have an execution with unnecessary privileges vulnerability, which could allow an attacker with user-level privileges to gain root privileges.

Do I need to act?

0.05% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 7.8/10 High
LOCAL / LOW complexity

Affected Products (20)

Uc-2101-Lx Firmware
Uc-2102-Lx Firmware
Uc-2104-Lx Firmware
Uc-2111-Lx Firmware
Uc-2112-Lx Firmware
Uc-2102-T-Lx Firmware
Uc-2114-T-Lx Firmware
Uc-2116-T-Lx Firmware
Uc-3101-T-Us-Lx Firmware
Uc-3101-T-Eu-Lx Firmware
Uc-3111-T-Us-Lx Firmware
Uc-3111-T-Eu-Lx Firmware
Uc-3121-T-Us-Lx Firmware
Uc-3121-T-Eu-Lx Firmware
Uc-3101-T-Ap-Lx Firmware
Uc-3111-T-Ap-Lx Firmware
Uc-3121-T-Ap-Lx Firmware
Uc-3111-T-Eu-Lx-Nw Firmware
Uc-3111-T-Ap-Lx-Nw Firmware
Uc-3111-T-Us-Lx-Nw Firmware

Affected Vendors

52 / 100 · high-risk
Severity 24/34 · High
Exploitability 0/34 · Minimal
Exposure 28/34 · Critical