ID

VAR-202211-1511


CVE

CVE-2022-3088


TITLE

Improper Privilege Management Vulnerability in Moxa ARM-Based Computers

Trust: 0.8

sources: JVNDB: JVNDB-2022-002764

DESCRIPTION

UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v1.12, UC-3100 System Image: Versions v1.0 to v1.6, UC-5100 System Image: Versions v1.0 to v1.4, UC-8100 System Image: Versions v3.0 to v3.5, UC-8100-ME-T System Image: Versions v3.0 and v3.1, UC-8200 System Image: v1.0 to v1.5, AIG-300 System Image: v1.0 to v1.4, UC-8410A with Debian 9 System Image: Versions v4.0.2 and v4.1.2, UC-8580 with Debian 9 System Image: Versions v2.0 and v2.1, UC-8540 with Debian 9 System Image: Versions v2.0 and v2.1, and DA-662C-16-LX (GLB) System Image: Versions v1.0.2 to v1.1.2 of Moxa's ARM-based computers have an execution with unnecessary privileges vulnerability, which could allow an attacker with user-level privileges to gain root privileges.

ARM-based computers provided by Moxa contain the following vulnerability: improper privilege management (CWE-269), CVE-2022-3088. If the vulnerability is exploited, a user with general privileges may gain root privileges and take full control of the system.

Moxa ARM-based computers contain a privilege escalation vulnerability that attackers can exploit to obtain root privileges.

Trust: 2.25

sources: NVD: CVE-2022-3088 // JVNDB: JVNDB-2022-002764 // CNVD: CNVD-2022-86385 // VULMON: CVE-2022-3088

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-86385

AFFECTED PRODUCTS

vendor:moxamodel:uc-8580-lxscope:eqversion:2.1

Trust: 1.0

vendor:moxamodel:aig-301-t-us-azu-lxscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-8410a-nw-t-lxscope:lteversion:4.1.2

Trust: 1.0

vendor:moxamodel:uc-8540-t-ct-lxscope:eqversion:2.1

Trust: 1.0

vendor:moxamodel:uc-2111-lxscope:lteversion:1.2

Trust: 1.0

vendor:moxamodel:uc-2116-t-lxscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-3111-t-us-lx-nwscope:lteversion:1.6

Trust: 1.0

vendor:moxamodel:aig-301-azu-lxscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-2101-lxscope:lteversion:1.12

Trust: 1.0

vendor:moxamodel:uc-3121-t-us-lxscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-3111-t-ap-lx-nwscope:lteversion:1.6

Trust: 1.0

vendor:moxamodel:uc-3111-t-us-lx-nwscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-5102-t-lxscope:lteversion:1.4

Trust: 1.0

vendor:moxamodel:uc-3101-t-us-lxscope:lteversion:1.6

Trust: 1.0

vendor:moxamodel:uc-3121-t-eu-lxscope:lteversion:1.6

Trust: 1.0

vendor:moxamodel:da-662c-16-lxscope:gteversion:1.0.2

Trust: 1.0

vendor:moxamodel:uc-3111-t-ap-lx-nwscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-8220-t-lx-sscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-3121-t-eu-lxscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:aig-301-ap-azu-lxscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-8580-lxscope:eqversion:2.0

Trust: 1.0

vendor:moxamodel:uc-8540-t-ct-lxscope:eqversion:2.0

Trust: 1.0

vendor:moxamodel:uc-5112-lxscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-8220-t-lx-eu-sscope:lteversion:1.5

Trust: 1.0

vendor:moxamodel:uc-8131-lxscope:lteversion:3.5

Trust: 1.0

vendor:moxamodel:uc-2102-lxscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:aig-301-t-ap-azu-lxscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-8220-t-lxscope:lteversion:1.5

Trust: 1.0

vendor:moxamodel:uc-2112-lxscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-5112-t-lxscope:lteversion:1.4

Trust: 1.0

vendor:moxamodel:aig-301-us-azu-lxscope:lteversion:1.4

Trust: 1.0

vendor:moxamodel:uc-2104-lxscope:lteversion:1.2

Trust: 1.0

vendor:moxamodel:uc-5101-t-lxscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-8162-lxscope:lteversion:3.5

Trust: 1.0

vendor:moxamodel:uc-8112-me-t-lx1scope:eqversion:3.0

Trust: 1.0

vendor:moxamodel:uc-8410a-nw-lxscope:gteversion:4.0.2

Trust: 1.0

vendor:moxamodel:uc-2114-t-lxscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-8132-lxscope:lteversion:3.5

Trust: 1.0

vendor:moxamodel:uc-8112a-me-t-lxscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-8131-lxscope:gteversion:3.0

Trust: 1.0

vendor:moxamodel:uc-8220-t-lx-ap-sscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-5101-lxscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-2101-lxscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:aig-301-t-cn-azu-lxscope:lteversion:1.4

Trust: 1.0

vendor:moxamodel:uc-3111-t-eu-lxscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:aig-301-eu-azu-lxscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-8410a-lxscope:lteversion:4.1.2

Trust: 1.0

vendor:moxamodel:uc-3111-t-eu-lx-nwscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-5111-t-lxscope:lteversion:1.4

Trust: 1.0

vendor:moxamodel:uc-8112a-me-t-lxscope:lteversion:1.6

Trust: 1.0

vendor:moxamodel:uc-8220-t-lx-eu-sscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-8580-t-ct-lxscope:eqversion:2.0

Trust: 1.0

vendor:moxamodel:uc-3101-t-ap-lxscope:lteversion:1.6

Trust: 1.0

vendor:moxamodel:aig-301-t-eu-azu-lxscope:lteversion:1.4

Trust: 1.0

vendor:moxamodel:uc-8540-t-lxscope:eqversion:2.1

Trust: 1.0

vendor:moxamodel:uc-3111-t-eu-lxscope:lteversion:1.6

Trust: 1.0

vendor:moxamodel:da-662c-16-lxscope:lteversion:1.1.2

Trust: 1.0

vendor:moxamodel:uc-3111-t-ap-lxscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-3111-t-eu-lx-nwscope:lteversion:1.6

Trust: 1.0

vendor:moxamodel:uc-2102-t-lxscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:aig-301-cn-azu-lxscope:lteversion:1.4

Trust: 1.0

vendor:moxamodel:uc-8580-t-q-lxscope:eqversion:2.1

Trust: 1.0

vendor:moxamodel:uc-3121-t-us-lxscope:lteversion:1.6

Trust: 1.0

vendor:moxamodel:uc-5112-t-lxscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-3111-t-us-lxscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-8162-lxscope:gteversion:3.0

Trust: 1.0

vendor:moxamodel:uc-5101-t-lxscope:lteversion:1.4

Trust: 1.0

vendor:moxamodel:uc-8580-t-lxscope:eqversion:2.1

Trust: 1.0

vendor:moxamodel:uc-3121-t-ap-lxscope:lteversion:1.6

Trust: 1.0

vendor:moxamodel:uc-8540-t-lxscope:eqversion:2.0

Trust: 1.0

vendor:moxamodel:uc-5101-lxscope:lteversion:1.4

Trust: 1.0

vendor:moxamodel:uc-5102-lxscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-8220-t-lx-ap-sscope:lteversion:1.5

Trust: 1.0

vendor:moxamodel:uc-3121-t-ap-lxscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-8410a-t-lxscope:lteversion:4.1.2

Trust: 1.0

vendor:moxamodel:uc-2114-t-lxscope:lteversion:1.2

Trust: 1.0

vendor:moxamodel:uc-3101-t-us-lxscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-8112-me-t-lxscope:eqversion:3.0

Trust: 1.0

vendor:moxamodel:uc-2112-lxscope:lteversion:1.2

Trust: 1.0

vendor:moxamodel:aig-301-t-cn-azu-lxscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-8580-t-q-lxscope:eqversion:2.0

Trust: 1.0

vendor:moxamodel:uc-8580-t-ct-q-lxscope:eqversion:2.1

Trust: 1.0

vendor:moxamodel:uc-8112-me-t-lx1scope:eqversion:3.1

Trust: 1.0

vendor:moxamodel:aig-301-eu-azu-lxscope:lteversion:1.4

Trust: 1.0

vendor:moxamodel:uc-5111-t-lxscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-8540-lxscope:eqversion:2.1

Trust: 1.0

vendor:moxamodel:uc-8112-lxscope:gteversion:3.0

Trust: 1.0

vendor:moxamodel:aig-301-t-eu-azu-lxscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-8220-t-lx-us-sscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:aig-301-t-azu-lxscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-8580-t-lxscope:eqversion:2.0

Trust: 1.0

vendor:moxamodel:uc-8580-q-lxscope:eqversion:2.1

Trust: 1.0

vendor:moxamodel:uc-5111-lxscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-3101-t-ap-lxscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:aig-301-cn-azu-lxscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-2111-lxscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:aig-301-t-us-azu-lxscope:lteversion:1.4

Trust: 1.0

vendor:moxamodel:uc-2102-t-lxscope:lteversion:1.2

Trust: 1.0

vendor:moxamodel:uc-8410a-lxscope:gteversion:4.0.2

Trust: 1.0

vendor:moxamodel:uc-8580-t-ct-q-lxscope:eqversion:2.0

Trust: 1.0

vendor:moxamodel:uc-5102-lxscope:lteversion:1.4

Trust: 1.0

vendor:moxamodel:uc-8540-lxscope:eqversion:2.0

Trust: 1.0

vendor:moxamodel:aig-301-ap-azu-lxscope:lteversion:1.4

Trust: 1.0

vendor:moxamodel:uc-8580-q-lxscope:eqversion:2.0

Trust: 1.0

vendor:moxamodel:aig-301-azu-lxscope:lteversion:1.4

Trust: 1.0

vendor:moxamodel:uc-2116-t-lxscope:lteversion:1.2

Trust: 1.0

vendor:moxamodel:uc-8410a-nw-t-lxscope:gteversion:4.0.2

Trust: 1.0

vendor:moxamodel:uc-5111-lxscope:lteversion:1.4

Trust: 1.0

vendor:moxamodel:uc-8580-t-ct-lxscope:eqversion:2.1

Trust: 1.0

vendor:moxamodel:uc-5102-t-lxscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-8410a-t-lxscope:gteversion:4.0.2

Trust: 1.0

vendor:moxamodel:uc-8112-me-t-lxscope:eqversion:3.1

Trust: 1.0

vendor:moxamodel:uc-3101-t-eu-lxscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-8220-t-lx-sscope:lteversion:1.5

Trust: 1.0

vendor:moxamodel:uc-5112-lxscope:lteversion:1.4

Trust: 1.0

vendor:moxamodel:aig-301-t-azu-lxscope:lteversion:1.4

Trust: 1.0

vendor:moxamodel:aig-301-us-azu-lxscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-3111-t-ap-lxscope:lteversion:1.6

Trust: 1.0

vendor:moxamodel:uc-8112-lxscope:lteversion:3.5

Trust: 1.0

vendor:moxamodel:aig-301-t-ap-azu-lxscope:lteversion:1.4

Trust: 1.0

vendor:moxamodel:uc-8220-t-lx-us-sscope:lteversion:1.5

Trust: 1.0

vendor:moxamodel:uc-8410a-nw-lxscope:lteversion:4.1.2

Trust: 1.0

vendor:moxamodel:uc-2104-lxscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-3101-t-eu-lxscope:lteversion:1.6

Trust: 1.0

vendor:moxamodel:uc-2102-lxscope:lteversion:1.2

Trust: 1.0

vendor:moxamodel:uc-8220-t-lxscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-3111-t-us-lxscope:lteversion:1.6

Trust: 1.0

vendor:moxamodel:uc-8132-lxscope:gteversion:3.0

Trust: 1.0

vendor:moxamodel:uc-3100 seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:uc-8100a-me-t seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:uc-8200 seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:da-662c-16-lx seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:uc-8580 seriesscope:eqversion:system image v2.0 v2.1

Trust: 0.8

vendor:moxamodel:uc-8100 seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:uc-8100-me-t seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:uc-8410a seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:uc-2100 seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:uc-2100-w seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:aig-300 seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:uc-5100 seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:uc-8540 seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:da-662c-16-lx system imagescope:gteversion:1.0.2,<=1.1.2

Trust: 0.6

vendor:moxamodel:uc-8540 with debian system imagescope:eqversion:9v2.0

Trust: 0.6

vendor:moxamodel:uc-8540 with debian system imagescope:eqversion:9v2.1

Trust: 0.6

vendor:moxamodel:uc-8580 with debian system imagescope:eqversion:9v2.0

Trust: 0.6

vendor:moxamodel:uc-8580 with debian system imagescope:eqversion:9v2.1

Trust: 0.6

vendor:moxamodel:uc-8410a with debian system imagescope:eqversion:9v4.0.2

Trust: 0.6

vendor:moxamodel:uc-8410a with debian system imagescope:eqversion:9v4.1.2

Trust: 0.6

vendor:moxamodel:aig-300 system imagescope:gteversion:v1.0,<=v1.4

Trust: 0.6

vendor:moxamodel:uc-8200 system imagescope:gteversion:v1.0,<=v1.5

Trust: 0.6

vendor:moxamodel:uc-8100-me-t system imagescope:eqversion:v3.0

Trust: 0.6

vendor:moxamodel:uc-8100-me-t system imagescope:eqversion:v3.1

Trust: 0.6

vendor:moxamodel:uc-8100 system imagescope:gteversion:3.0,<=3.5

Trust: 0.6

vendor:moxamodel:uc-5100 system imagescope:gteversion:v1.0,<=v1.4

Trust: 0.6

vendor:moxamodel:uc-3100 system imagescope:gteversion:1.0,<=1.6

Trust: 0.6

vendor:moxamodel:uc-2100-w system imagescope:gteversion:v1.0,<=v1.12

Trust: 0.6

vendor:moxamodel:uc-2100 system imagescope:gteversion:v1.0,<=v1.12

Trust: 0.6

vendor:moxamodel:uc-8100a-me-t system imagescope:gteversion:v1.0,<=v1.6

Trust: 0.6

sources: CNVD: CNVD-2022-86385 // JVNDB: JVNDB-2022-002764 // NVD: CVE-2022-3088

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-3088
value: HIGH

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2022-3088
value: HIGH

Trust: 1.0

NVD: CVE-2022-3088
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-86385
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202211-3391
value: HIGH

Trust: 0.6

CNVD: CNVD-2022-86385
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-3088
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2022-3088
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-86385 // JVNDB: JVNDB-2022-002764 // CNNVD: CNNVD-202211-3391 // NVD: CVE-2022-3088 // NVD: CVE-2022-3088

PROBLEMTYPE DATA

problemtype:CWE-250

Trust: 1.0

problemtype:CWE-269

Trust: 1.0

problemtype: Improper privilege management (CWE-269) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2022-002764 // NVD: CVE-2022-3088

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202211-3391

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202211-3391

PATCH

title: Arm-based Computer Improper Privilege Management Vulnerability
url: https://www.moxa.com/en/support/product-support/security-advisory/moxa-arm-based-computer-improper-privilege-management-vulnerability

Trust: 0.8

title: Patch for MOXA ARM-Based Computers Privilege Escalation Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/366071

Trust: 0.6

title: MOXA ARM-Based Computers Security vulnerabilities
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=216086

Trust: 0.6

sources: CNVD: CNVD-2022-86385 // JVNDB: JVNDB-2022-002764 // CNNVD: CNNVD-202211-3391

EXTERNAL IDS

db: NVD, id: CVE-2022-3088

Trust: 3.9

db: ICS CERT, id: ICSA-22-326-05

Trust: 2.5

db: AUSCERT, id: ESB-2022.6116

Trust: 1.2

db: JVN, id: JVNVU98565313

Trust: 0.8

db: JVNDB, id: JVNDB-2022-002764

Trust: 0.8

db: CNVD, id: CNVD-2022-86385

Trust: 0.6

db: CNNVD, id: CNNVD-202211-3391

Trust: 0.6

db: VULMON, id: CVE-2022-3088

Trust: 0.1

sources: CNVD: CNVD-2022-86385 // VULMON: CVE-2022-3088 // JVNDB: JVNDB-2022-002764 // CNNVD: CNNVD-202211-3391 // NVD: CVE-2022-3088

REFERENCES

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-05

Trust: 2.5

url:https://www.auscert.org.au/bulletins/esb-2022.6116

Trust: 1.2

url:https://jvn.jp/vu/jvnvu98565313

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-3088

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-3088/

Trust: 0.6

sources: CNVD: CNVD-2022-86385 // VULMON: CVE-2022-3088 // JVNDB: JVNDB-2022-002764 // CNNVD: CNNVD-202211-3391 // NVD: CVE-2022-3088

SOURCES

db: CNVD, id: CNVD-2022-86385
db: VULMON, id: CVE-2022-3088
db: JVNDB, id: JVNDB-2022-002764
db: CNNVD, id: CNNVD-202211-3391
db: NVD, id: CVE-2022-3088

LAST UPDATE DATE

2024-08-14T15:32:24.929000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-86385, date: 2022-12-09T00:00:00
db: JVNDB, id: JVNDB-2022-002764, date: 2024-06-06T08:32:00
db: CNNVD, id: CNNVD-202211-3391, date: 2022-12-08T00:00:00
db: NVD, id: CVE-2022-3088, date: 2022-12-07T20:15:11.197

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-86385, date: 2022-12-06T00:00:00
db: JVNDB, id: JVNDB-2022-002764, date: 2022-11-25T00:00:00
db: CNNVD, id: CNNVD-202211-3391, date: 2022-11-23T00:00:00
db: NVD, id: CVE-2022-3088, date: 2022-11-28T22:15:10.783