{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0715", "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "state": "PUBLISHED", "assignerShortName": "Moxa", "dateReserved": "2026-01-08T10:25:24.767Z", "datePublished": "2026-02-05T17:01:20.476Z", "dateUpdated": "2026-02-05T17:34:04.225Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "UC-1200A Series", "vendor": "Moxa", "versions": [{"lessThanOrEqual": "1.4", "status": "affected", "version": "1.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Cyloq"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Moxa Arm-based industrial computers running Moxa Industrial Linux Secure use a device-unique bootloader password provided on the device. An attacker with </span><strong>physical access</strong><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;to the device could use this information to access the bootloader menu via a serial interface. &nbsp;Access to the bootloader menu </span><strong>does not allow full system takeover or privilege escalation</strong><span style=\"background-color: rgb(255, 255, 255);\">. The bootloader enforces digital signature verification and only permits flashing of </span><strong>Moxa-signed images</strong><span style=\"background-color: rgb(255, 255, 255);\">. As a result, an attacker cannot install malicious firmware or execute arbitrary code. The primary impact is limited to a potential </span><strong>temporary denial-of-service condition</strong><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;if a valid image is reflashed. </span><strong>Remote exploitation is not possible</strong><span style=\"background-color: rgb(255, 255, 255);\">.</span><br>"}], "value": "Moxa Arm-based industrial computers running Moxa Industrial Linux Secure use a device-unique bootloader password provided on the device. An attacker with physical access\u00a0to the device could use this information to access the bootloader menu via a serial interface. \u00a0Access to the bootloader menu does not allow full system takeover or privilege escalation. The bootloader enforces digital signature verification and only permits flashing of Moxa-signed images. As a result, an attacker cannot install malicious firmware or execute arbitrary code. The primary impact is limited to a potential temporary denial-of-service condition\u00a0if a valid image is reflashed. Remote exploitation is not possible."}], "impacts": [{"capecId": "CAPEC-102", "descriptions": [{"lang": "en", "value": "CAPEC-102: Session Sidejacking"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "PHYSICAL", "baseScore": 7, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-522", "description": "CWE-522: Insufficiently Protected Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "shortName": "Moxa", "dateUpdated": "2026-02-05T17:01:20.476Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-255121-cve-2026-0714-cve-2026-0715-multiple-vulnerabilities-in-industrial-computers"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Refer to&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-255121-cve-2026-0714-cve-2026-0715-multiple-vulnerabilities-in-industrial-computers\">https://www.moxa.com/en/support/product-support/security-advisory/mpsa-255121-cve-2026-0714-cve-2026...</a>"}], "value": "Refer to\u00a0 https://www.moxa.com/en/support/product-support/security-advisory/mpsa-255121-cve-2026-0714-cve-2026... https://www.moxa.com/en/support/product-support/security-advisory/mpsa-255121-cve-2026-0714-cve-2026-0715-multiple-vulnerabilities-in-industrial-computers"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-05T17:33:53.012256Z", "id": "CVE-2026-0715", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-05T17:34:04.225Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0715", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-05T17:33:53.012256Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-05T17:33:58.065Z"}}], "cna": {"source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Cyloq"}], "impacts": [{"capecId": "CAPEC-102", "descriptions": [{"lang": "en", "value": "CAPEC-102: Session Sidejacking"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7, "Automatable": "NOT_DEFINED", "attackVector": "PHYSICAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Moxa", "product": "UC-1200A Series", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom", "lessThanOrEqual": "1.4"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Refer to\u00a0 https://www.moxa.com/en/support/product-support/security-advisory/mpsa-255121-cve-2026-0714-cve-2026... https://www.moxa.com/en/support/product-support/security-advisory/mpsa-255121-cve-2026-0714-cve-2026-0715-multiple-vulnerabilities-in-industrial-computers", "supportingMedia": [{"type": "text/html", "value": "Refer to&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-255121-cve-2026-0714-cve-2026-0715-multiple-vulnerabilities-in-industrial-computers\">https://www.moxa.com/en/support/product-support/security-advisory/mpsa-255121-cve-2026-0714-cve-2026...</a>", "base64": false}]}], "references": [{"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-255121-cve-2026-0714-cve-2026-0715-multiple-vulnerabilities-in-industrial-computers", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Moxa Arm-based industrial computers running Moxa Industrial Linux Secure use a device-unique bootloader password provided on the device. An attacker with physical access\u00a0to the device could use this information to access the bootloader menu via a serial interface. \u00a0Access to the bootloader menu does not allow full system takeover or privilege escalation. The bootloader enforces digital signature verification and only permits flashing of Moxa-signed images. As a result, an attacker cannot install malicious firmware or execute arbitrary code. The primary impact is limited to a potential temporary denial-of-service condition\u00a0if a valid image is reflashed. Remote exploitation is not possible.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Moxa Arm-based industrial computers running Moxa Industrial Linux Secure use a device-unique bootloader password provided on the device. An attacker with </span><strong>physical access</strong><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;to the device could use this information to access the bootloader menu via a serial interface. &nbsp;Access to the bootloader menu </span><strong>does not allow full system takeover or privilege escalation</strong><span style=\"background-color: rgb(255, 255, 255);\">. The bootloader enforces digital signature verification and only permits flashing of </span><strong>Moxa-signed images</strong><span style=\"background-color: rgb(255, 255, 255);\">. As a result, an attacker cannot install malicious firmware or execute arbitrary code. The primary impact is limited to a potential </span><strong>temporary denial-of-service condition</strong><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;if a valid image is reflashed. </span><strong>Remote exploitation is not possible</strong><span style=\"background-color: rgb(255, 255, 255);\">.</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-522", "description": "CWE-522: Insufficiently Protected Credentials"}]}], "providerMetadata": {"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "shortName": "Moxa", "dateUpdated": "2026-02-05T17:01:20.476Z"}}}, "cveMetadata": {"cveId": "CVE-2026-0715", "state": "PUBLISHED", "dateUpdated": "2026-02-05T17:34:04.225Z", "dateReserved": "2026-01-08T10:25:24.767Z", "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "datePublished": "2026-02-05T17:01:20.476Z", "assignerShortName": "Moxa"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:uc-1222a_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8167DA5A-652A-402E-BF4F-01D70DD14FC2", "versionEndIncluding": "1.4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:uc-1222a:-:*:*:*:*:*:*:*", "matchCriteriaId": "72578407-EBB4-455A-BFFD-CBF17DBDF888", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:uc-2222a-t-us_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "503B8755-1E39-4EF2-9E36-6FF430F3DDF4", "versionEndIncluding": "1.4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:uc-2222a-t-us:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2CA1BF1-116A-4EED-8C17-67167F0C2053", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:uc-2222a-t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F3FD56F-C600-42DA-8A17-AE6A53677F77", "versionEndIncluding": "1.4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:uc-2222a-t:-:*:*:*:*:*:*:*", "matchCriteriaId": "5F459B2E-241A-41C6-B0F9-651955E6EC9D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:uc-2222a-t-ap_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E3D4B9CC-F8C0-4761-AD7C-48884CCA008E", "versionEndIncluding": "1.4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:uc-2222a-t-ap:-:*:*:*:*:*:*:*", "matchCriteriaId": "C09ACD6D-F1AF-450F-8B7B-5313389E204E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:uc-2222a-t-eu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E3C2660-8331-4382-9B39-0C3828230878", "versionEndIncluding": "1.4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:uc-2222a-t-eu:-:*:*:*:*:*:*:*", "matchCriteriaId": "532B900B-39A3-4DD8-867A-CD84702B7243", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:uc-3434a-t-lte-wifi_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "64DA1C29-CF93-4A95-8F55-5CA151E20B3B", "versionEndIncluding": "1.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:uc-3434a-t-lte-wifi:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6D9FC85-16CD-4170-B153-5B8E752402E9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:uc-3424a-t-lte_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "995400B9-5332-4215-BA10-BF11EE0DDA94", "versionEndIncluding": "1.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:uc-3424a-t-lte:-:*:*:*:*:*:*:*", "matchCriteriaId": "D91D6E6E-C4A4-4D1F-AA36-D5DC150DF3C4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:uc-3420a-t-lte_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB2C60D1-9E8B-44B6-81B7-65A645468F2E", "versionEndIncluding": "1.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:uc-3420a-t-lte:-:*:*:*:*:*:*:*", "matchCriteriaId": "738173F1-B37C-4763-96A9-82932E578CCB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:uc-3430a-t-lte-wifi_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5710925C-DFD1-4DAB-AA86-E0BC497FB03A", "versionEndIncluding": "1.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:uc-3430a-t-lte-wifi:-:*:*:*:*:*:*:*", "matchCriteriaId": "91C8CE2A-55D7-46AF-8279-27398D3A4035", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:uc-4450a-t-5g_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "04F34E9F-00C9-4BDA-9F90-7C8BAAA4B232", "versionEndIncluding": "1.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:uc-4450a-t-5g:-:*:*:*:*:*:*:*", "matchCriteriaId": "CA3A69F3-C344-4497-9D83-28D4705E1AF2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:uc-4434a-i-t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3021869-904A-48D8-B5A6-86392B0B7AE7", "versionEndIncluding": "1.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:uc-4434a-i-t:-:*:*:*:*:*:*:*", "matchCriteriaId": "2624B562-847E-42E2-8A40-CD758D9A6ED3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:uc-4410a-t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1BB21C59-CBBE-48D0-8F9B-B3981B41A7B8", "versionEndIncluding": "1.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:uc-4410a-t:-:*:*:*:*:*:*:*", "matchCriteriaId": "B160E192-06BA-46C2-9A3B-5E7DE67975ED", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:uc-4454a-t-5g_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD20F80A-E88B-4035-9EA9-CC20473C9D11", "versionEndIncluding": "1.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:uc-4454a-t-5g:-:*:*:*:*:*:*:*", "matchCriteriaId": "EE600462-6F7D-42DB-B057-BEFF8EB8D7AF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:uc-4414a-i-t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "51EEBA33-4514-4518-ABC8-E3A2BC188EF6", "versionEndIncluding": "1.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:uc-4414a-i-t:-:*:*:*:*:*:*:*", "matchCriteriaId": "21AE6E81-EC56-45A6-8ACD-0E69FC5A4035", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:uc-4430a-t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3534010A-ABE9-40E6-A414-DB40248F08C2", "versionEndIncluding": "1.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:uc-4430a-t:-:*:*:*:*:*:*:*", "matchCriteriaId": "B7B389D3-63FC-413F-837F-686315DB7987", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:uc-8210-t-lx-s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE026AF0-969E-487A-A3E8-5335F8410BA6", "versionEndIncluding": "1.5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:uc-8210-t-lx-s:-:*:*:*:*:*:*:*", "matchCriteriaId": "53104CD8-0DF4-46E5-87F1-B5810EB1B79E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:uc-8220-t-lx-eu-s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B471C4C8-AA5B-4313-BC60-8643A995CBA4", "versionEndIncluding": "1.5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:uc-8220-t-lx-eu-s:-:*:*:*:*:*:*:*", "matchCriteriaId": "F5D493C8-E0E4-4C2B-8A95-66DB61BD7035", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:uc-8220-t-lx-ap-s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EAF65F04-34B5-4BDF-891F-A748F3E83226", "versionEndIncluding": "1.5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:uc-8220-t-lx-ap-s:-:*:*:*:*:*:*:*", "matchCriteriaId": "EDC404D8-D558-462F-898F-9CFE54330FD2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:uc-8220-t-lx-us-s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F40D9DE3-4DE6-4607-AFD4-6F6BF5A6739E", "versionEndIncluding": "1.5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:uc-8220-t-lx-us-s:-:*:*:*:*:*:*:*", "matchCriteriaId": "726EC056-8BC7-4ACC-A6FF-7E7664859B03", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:uc-8220-t-lx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D28B123-ECE0-42C6-847E-C8202F4AB609", "versionEndIncluding": "1.5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:uc-8220-t-lx:-:*:*:*:*:*:*:*", "matchCriteriaId": "D65808DD-2672-42D7-8544-8A9E0D1519E5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:v1202-ct-t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F44CEC2-E2EA-4D48-8E73-9021016490B7", "versionEndIncluding": "1.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:v1202-ct-t:-:*:*:*:*:*:*:*", "matchCriteriaId": "70417E9B-EE42-4C07-AF9F-E5A5706FA2AD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:v1222-ct-t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A49B3729-A2FD-4323-9C3C-247F40F2A275", "versionEndIncluding": "1.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:v1222-ct-t:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2E7C7DB-3D0F-42DB-8BFA-FE925BCE033C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:v1222-w-ct-t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E603495A-9361-4F98-A504-27BD79287C43", "versionEndIncluding": "1.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:v1222-w-ct-t:-:*:*:*:*:*:*:*", "matchCriteriaId": "0DDB695F-6E8A-4F1B-BB66-4454EEFEA8FC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:v2406c-kl7-ct-t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3090DF0D-8F71-44D2-89A5-E09557D38DF4", "versionEndIncluding": "1.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:v2406c-kl7-ct-t:-:*:*:*:*:*:*:*", "matchCriteriaId": "DF9866E9-E766-48C5-BE4D-C0D47A110B59", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:v2406c-kl7-t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F97B9744-7133-42A1-8A57-71645107BE55", "versionEndIncluding": "1.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:v2406c-kl7-t:-:*:*:*:*:*:*:*", "matchCriteriaId": "7478BFC6-B075-48AB-91AD-4198763E9A98", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:v2406c-wl7-ct-t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "00629F07-BF15-4EBD-9A4F-75F6E10FE28E", "versionEndIncluding": "1.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:v2406c-wl7-ct-t:-:*:*:*:*:*:*:*", "matchCriteriaId": "1F0B516F-DB20-4945-810F-0FB5E35519DB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:v2406c-wl5-t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F039963D-EB6C-4C4D-988D-EF29070CF838", "versionEndIncluding": "1.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:v2406c-wl5-t:-:*:*:*:*:*:*:*", "matchCriteriaId": "286BAABC-D23A-47CE-8C34-E5D9A80FD3F8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:v2406c-kl1-ct-t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0293EC6B-74AB-4A34-8F77-DB531FDF37C1", "versionEndIncluding": "1.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:v2406c-kl1-ct-t:-:*:*:*:*:*:*:*", "matchCriteriaId": "6952DBFC-A124-4789-A736-9379F22D55F5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:v2406c-wl3-t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1835EB75-FC89-4AB3-99CC-E0FBF83964FE", "versionEndIncluding": "1.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:v2406c-wl3-t:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C281936-9B86-426B-BED9-85938021F697", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:v2406c-wl1-ct-t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F7259E4-42FE-4B53-9052-01CFDF8D54E5", "versionEndIncluding": "1.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:v2406c-wl1-ct-t:-:*:*:*:*:*:*:*", "matchCriteriaId": "6BE3E251-B527-4E99-B328-196FECD9BC09", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:v2406c-kl3-t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D28A5EF7-404C-42FA-9C7E-3F41CADB75EE", "versionEndIncluding": "1.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:v2406c-kl3-t:-:*:*:*:*:*:*:*", "matchCriteriaId": "6AD0AFF8-9643-4DA7-8B84-3E6F2A38B202", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:v2406c-wl1-t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B8F00264-77DE-4F32-BF38-7BC2010A9A82", "versionEndIncluding": "1.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:v2406c-wl1-t:-:*:*:*:*:*:*:*", "matchCriteriaId": "4BE7E790-7486-4B86-A1CF-4F53A69692BB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:v2406c-kl1-t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "35B513A7-8D04-4B05-8504-5003429C7EF5", "versionEndIncluding": "1.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:v2406c-kl1-t:-:*:*:*:*:*:*:*", "matchCriteriaId": "BD0569FA-D547-46BB-B3EC-5258157998C7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:v2406c-wl7-t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AEA9EA52-3C06-4A5B-9A7B-FBDAA8F68366", "versionEndIncluding": "1.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:v2406c-wl7-t:-:*:*:*:*:*:*:*", "matchCriteriaId": "25AF6210-73AD-49A6-B65B-655F8E78A2C4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:v2406c-kl5-t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA5DB30C-70E4-42AB-B722-F0672E66C93B", "versionEndIncluding": "1.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:v2406c-kl5-t:-:*:*:*:*:*:*:*", "matchCriteriaId": "2472200D-E9E7-4B8F-AC80-96EB939CC027", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Moxa Arm-based industrial computers running Moxa Industrial Linux Secure use a device-unique bootloader password provided on the device. An attacker with physical access\u00a0to the device could use this information to access the bootloader menu via a serial interface. \u00a0Access to the bootloader menu does not allow full system takeover or privilege escalation. The bootloader enforces digital signature verification and only permits flashing of Moxa-signed images. As a result, an attacker cannot install malicious firmware or execute arbitrary code. The primary impact is limited to a potential temporary denial-of-service condition\u00a0if a valid image is reflashed. Remote exploitation is not possible."}, {"lang": "es", "value": "Las computadoras industriales Moxa basadas en Arm que ejecutan Moxa Industrial Linux Secure utilizan una contrase\u00f1a de bootloader \u00fanica para el dispositivo, proporcionada en el mismo. Un atacante con acceso f\u00edsico al dispositivo podr\u00eda usar esta informaci\u00f3n para acceder al men\u00fa del bootloader a trav\u00e9s de una interfaz serial. El acceso al men\u00fa del bootloader no permite la toma de control total del sistema ni la escalada de privilegios. El bootloader aplica la verificaci\u00f3n de firma digital y solo permite el flasheo de im\u00e1genes firmadas por Moxa. Como resultado, un atacante no puede instalar firmware malicioso ni ejecutar c\u00f3digo arbitrario. El impacto principal se limita a una posible condici\u00f3n temporal de denegaci\u00f3n de servicio si se vuelve a flashear una imagen v\u00e1lida. La explotaci\u00f3n remota no es posible."}], "id": "CVE-2026-0715", "lastModified": "2026-02-18T17:51:47.677", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "PHYSICAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "psirt@moxa.com", "type": "Secondary"}]}, "published": "2026-02-05T17:16:13.333", "references": [{"source": "psirt@moxa.com", "tags": ["Vendor Advisory"], "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-255121-cve-2026-0714-cve-2026-0715-multiple-vulnerabilities-in-industrial-computers"}], "sourceIdentifier": "psirt@moxa.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "psirt@moxa.com", "type": "Secondary"}]}

{}