Vulnerability Details CVE-2026-0715
Moxa Arm-based industrial computers running Moxa Industrial Linux Secure use a device-unique bootloader password provided on the device. An attacker with physical access to the device could use this information to access the bootloader menu via a serial interface. Access to the bootloader menu does not allow full system takeover or privilege escalation. The bootloader enforces digital signature verification and only permits flashing of Moxa-signed images. As a result, an attacker cannot install malicious firmware or execute arbitrary code. The primary impact is limited to a potential temporary denial-of-service condition if a valid image is reflashed. Remote exploitation is not possible.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 6.5%
CVSS Severity
CVSS v3 Score 6.8
Products affected by CVE-2026-0715
-
cpe:2.3:h:moxa:uc-1222a:-
-
cpe:2.3:h:moxa:uc-2222a-t-ap:-
-
cpe:2.3:h:moxa:uc-2222a-t-eu:-
-
cpe:2.3:h:moxa:uc-2222a-t-us:-
-
cpe:2.3:h:moxa:uc-2222a-t:-
-
cpe:2.3:h:moxa:uc-3420a-t-lte:-
-
cpe:2.3:h:moxa:uc-3424a-t-lte:-
-
cpe:2.3:h:moxa:uc-3430a-t-lte-wifi:-
-
cpe:2.3:h:moxa:uc-3434a-t-lte-wifi:-
-
cpe:2.3:h:moxa:uc-4410a-t:-
-
cpe:2.3:h:moxa:uc-4414a-i-t:-
-
cpe:2.3:h:moxa:uc-4430a-t:-
-
cpe:2.3:h:moxa:uc-4434a-i-t:-
-
cpe:2.3:h:moxa:uc-4450a-t-5g:-
-
cpe:2.3:h:moxa:uc-4454a-t-5g:-
-
cpe:2.3:h:moxa:uc-8210-t-lx-s:-
-
cpe:2.3:h:moxa:uc-8220-t-lx-ap-s:-
-
cpe:2.3:h:moxa:uc-8220-t-lx-eu-s:-
-
cpe:2.3:h:moxa:uc-8220-t-lx-us-s:-
-
cpe:2.3:h:moxa:uc-8220-t-lx:-
-
cpe:2.3:h:moxa:v1202-ct-t:-
-
cpe:2.3:h:moxa:v1222-ct-t:-
-
cpe:2.3:h:moxa:v1222-w-ct-t:-
-
cpe:2.3:h:moxa:v2406c-kl1-ct-t:-
-
cpe:2.3:h:moxa:v2406c-kl1-t:-
-
cpe:2.3:h:moxa:v2406c-kl3-t:-
-
cpe:2.3:h:moxa:v2406c-kl5-t:-
-
cpe:2.3:h:moxa:v2406c-kl7-ct-t:-
-
cpe:2.3:h:moxa:v2406c-kl7-t:-
-
cpe:2.3:h:moxa:v2406c-wl1-ct-t:-
-
cpe:2.3:h:moxa:v2406c-wl1-t:-
-
cpe:2.3:h:moxa:v2406c-wl3-t:-
-
cpe:2.3:h:moxa:v2406c-wl5-t:-
-
cpe:2.3:h:moxa:v2406c-wl7-ct-t:-
-
cpe:2.3:h:moxa:v2406c-wl7-t:-
-
cpe:2.3:o:moxa:uc-1222a_firmware:1.4
-
cpe:2.3:o:moxa:uc-2222a-t-ap_firmware:1.4
-
cpe:2.3:o:moxa:uc-2222a-t-eu_firmware:1.4
-
cpe:2.3:o:moxa:uc-2222a-t-us_firmware:1.4
-
cpe:2.3:o:moxa:uc-2222a-t_firmware:1.4
-
cpe:2.3:o:moxa:uc-3420a-t-lte_firmware:1.2
-
cpe:2.3:o:moxa:uc-3424a-t-lte_firmware:1.2
-
cpe:2.3:o:moxa:uc-3430a-t-lte-wifi_firmware:1.2
-
cpe:2.3:o:moxa:uc-3434a-t-lte-wifi_firmware:1.2
-
cpe:2.3:o:moxa:uc-4410a-t_firmware:1.3
-
cpe:2.3:o:moxa:uc-4414a-i-t_firmware:1.3
-
cpe:2.3:o:moxa:uc-4430a-t_firmware:1.3
-
cpe:2.3:o:moxa:uc-4434a-i-t_firmware:1.3
-
cpe:2.3:o:moxa:uc-4450a-t-5g_firmware:1.3
-
cpe:2.3:o:moxa:uc-4454a-t-5g_firmware:1.3
-
cpe:2.3:o:moxa:uc-8210-t-lx-s_firmware:1.0
-
cpe:2.3:o:moxa:uc-8210-t-lx-s_firmware:1.5
-
cpe:2.3:o:moxa:uc-8220-t-lx-ap-s_firmware:-
-
cpe:2.3:o:moxa:uc-8220-t-lx-ap-s_firmware:1.0
-
cpe:2.3:o:moxa:uc-8220-t-lx-ap-s_firmware:1.5
-
cpe:2.3:o:moxa:uc-8220-t-lx-eu-s_firmware:-
-
cpe:2.3:o:moxa:uc-8220-t-lx-eu-s_firmware:1.0
-
cpe:2.3:o:moxa:uc-8220-t-lx-eu-s_firmware:1.5
-
cpe:2.3:o:moxa:uc-8220-t-lx-us-s_firmware:-
-
cpe:2.3:o:moxa:uc-8220-t-lx-us-s_firmware:1.0
-
cpe:2.3:o:moxa:uc-8220-t-lx-us-s_firmware:1.5
-
cpe:2.3:o:moxa:uc-8220-t-lx_firmware:-
-
cpe:2.3:o:moxa:uc-8220-t-lx_firmware:1.0
-
cpe:2.3:o:moxa:uc-8220-t-lx_firmware:1.5
-
cpe:2.3:o:moxa:v1202-ct-t_firmware:1.2.0
-
cpe:2.3:o:moxa:v1222-ct-t_firmware:1.2.0
-
cpe:2.3:o:moxa:v1222-w-ct-t_firmware:1.2.0
-
cpe:2.3:o:moxa:v2406c-kl1-ct-t_firmware:1.2
-
cpe:2.3:o:moxa:v2406c-kl1-t_firmware:1.2
-
cpe:2.3:o:moxa:v2406c-kl3-t_firmware:1.2
-
cpe:2.3:o:moxa:v2406c-kl5-t_firmware:1.2
-
cpe:2.3:o:moxa:v2406c-kl7-ct-t_firmware:1.2
-
cpe:2.3:o:moxa:v2406c-kl7-t_firmware:1.2
-
cpe:2.3:o:moxa:v2406c-wl1-ct-t_firmware:1.2
-
cpe:2.3:o:moxa:v2406c-wl1-t_firmware:1.2
-
cpe:2.3:o:moxa:v2406c-wl3-t_firmware:1.2
-
cpe:2.3:o:moxa:v2406c-wl5-t_firmware:1.2
-
cpe:2.3:o:moxa:v2406c-wl7-ct-t_firmware:1.2
-
cpe:2.3:o:moxa:v2406c-wl7-t_firmware:1.2