Details of VAR-202303-0165

ID

VAR-202303-0165

CVE

CVE-2023-1257

TITLE

Moxa UC Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202303-484

DESCRIPTION

An attacker with physical access to the affected Moxa UC Series devices can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the device’s authentication files to create a new user and gain full access to the system

Trust: 0.99

sources: NVD: CVE-2023-1257 // VULMON: CVE-2023-1257

AFFECTED PRODUCTS

vendor:	moxa	model:	uc-3121-t-us-lx	scope:	lte	version:	2.0	Trust: 1.0
vendor:	moxa	model:	uc-2102-lx	scope:	gte	version:	1.3	Trust: 1.0
vendor:	moxa	model:	uc-2101-lx	scope:	gte	version:	1.3	Trust: 1.0
vendor:	moxa	model:	uc-8162-lx	scope:	eq	version:	1.2	Trust: 1.0
vendor:	moxa	model:	uc-8220-t-lx-us-s	scope:	gte	version:	1.0	Trust: 1.0
vendor:	moxa	model:	uc-8410a-t-lx	scope:	eq	version:	2.2	Trust: 1.0
vendor:	moxa	model:	uc-2114-t-lx	scope:	lte	version:	1.5	Trust: 1.0
vendor:	moxa	model:	uc-3121-t-ap-lx	scope:	gte	version:	1.2	Trust: 1.0
vendor:	moxa	model:	uc-3121-t-ap-lx	scope:	lte	version:	2.0	Trust: 1.0
vendor:	moxa	model:	uc-8220-t-lx-us-s	scope:	lte	version:	2.4	Trust: 1.0
vendor:	moxa	model:	uc-8580-t-ct-lx	scope:	eq	version:	1.1	Trust: 1.0
vendor:	moxa	model:	uc-3101-t-ap-lx	scope:	gte	version:	1.2	Trust: 1.0
vendor:	moxa	model:	uc-3111-t-ap-lx	scope:	gte	version:	1.2	Trust: 1.0
vendor:	moxa	model:	uc-8220-t-lx-eu-s	scope:	gte	version:	1.0	Trust: 1.0
vendor:	moxa	model:	uc-8580-lx	scope:	eq	version:	1.1	Trust: 1.0
vendor:	moxa	model:	uc-8580-q-lx	scope:	eq	version:	1.1	Trust: 1.0
vendor:	moxa	model:	uc-2112-lx	scope:	gte	version:	1.3	Trust: 1.0
vendor:	moxa	model:	uc-2102-t-lx	scope:	gte	version:	1.3	Trust: 1.0
vendor:	moxa	model:	uc-2104-lx	scope:	lte	version:	1.5	Trust: 1.0
vendor:	moxa	model:	uc-2101-lx	scope:	lte	version:	1.5	Trust: 1.0
vendor:	moxa	model:	uc-8410a-nw-lx	scope:	eq	version:	2.2	Trust: 1.0
vendor:	moxa	model:	uc-8112-me-t-lx	scope:	lte	version:	1.1	Trust: 1.0
vendor:	moxa	model:	uc-2111-lx	scope:	gte	version:	1.3	Trust: 1.0
vendor:	moxa	model:	uc-3111-t-eu-lx-nw	scope:	lte	version:	2.0	Trust: 1.0
vendor:	moxa	model:	uc-8131-lx	scope:	eq	version:	1.2	Trust: 1.0
vendor:	moxa	model:	uc-8540-lx	scope:	gte	version:	1.0	Trust: 1.0
vendor:	moxa	model:	uc-5112-lx	scope:	eq	version:	1.2	Trust: 1.0
vendor:	moxa	model:	uc-8540-lx	scope:	lte	version:	1.2	Trust: 1.0
vendor:	moxa	model:	uc-3121-t-us-lx	scope:	gte	version:	1.2	Trust: 1.0
vendor:	moxa	model:	uc-3121-t-eu-lx	scope:	lte	version:	2.0	Trust: 1.0
vendor:	moxa	model:	uc-8132-lx	scope:	eq	version:	1.2	Trust: 1.0
vendor:	moxa	model:	uc-8220-t-lx-ap-s	scope:	gte	version:	1.0	Trust: 1.0
vendor:	moxa	model:	uc-8210-t-lx-s	scope:	lte	version:	2.4	Trust: 1.0
vendor:	moxa	model:	uc-2116-t-lx	scope:	gte	version:	1.3	Trust: 1.0
vendor:	moxa	model:	uc-2114-t-lx	scope:	gte	version:	1.3	Trust: 1.0
vendor:	moxa	model:	uc-8540-t-ct-lx	scope:	gte	version:	1.0	Trust: 1.0
vendor:	moxa	model:	uc-8112-me-t-lx1	scope:	gte	version:	1.0	Trust: 1.0
vendor:	moxa	model:	uc-8410a-lx	scope:	eq	version:	2.2	Trust: 1.0
vendor:	moxa	model:	uc-8540-t-ct-lx	scope:	lte	version:	1.2	Trust: 1.0
vendor:	moxa	model:	uc-8112-me-t-lx	scope:	gte	version:	1.0	Trust: 1.0
vendor:	moxa	model:	uc-2116-t-lx	scope:	lte	version:	1.5	Trust: 1.0
vendor:	moxa	model:	uc-3101-t-us-lx	scope:	lte	version:	2.0	Trust: 1.0
vendor:	moxa	model:	uc-8220-t-lx-ap-s	scope:	lte	version:	2.4	Trust: 1.0
vendor:	moxa	model:	uc-3101-t-eu-lx	scope:	gte	version:	1.2	Trust: 1.0
vendor:	moxa	model:	uc-8580-t-lx	scope:	eq	version:	1.1	Trust: 1.0
vendor:	moxa	model:	uc-8220-t-lx-s	scope:	gte	version:	1.0	Trust: 1.0
vendor:	moxa	model:	uc-5111-t-lx	scope:	eq	version:	1.2	Trust: 1.0
vendor:	moxa	model:	uc-8580-t-q-lx	scope:	eq	version:	1.1	Trust: 1.0
vendor:	moxa	model:	uc-2102-lx	scope:	lte	version:	1.5	Trust: 1.0
vendor:	moxa	model:	uc-3101-t-eu-lx	scope:	lte	version:	2.0	Trust: 1.0
vendor:	moxa	model:	uc-8112-me-t-lx1	scope:	lte	version:	1.1	Trust: 1.0
vendor:	moxa	model:	uc-3111-t-eu-lx-nw	scope:	gte	version:	1.2	Trust: 1.0
vendor:	moxa	model:	uc-3111-t-us-lx	scope:	gte	version:	1.2	Trust: 1.0
vendor:	moxa	model:	uc-2104-lx	scope:	gte	version:	1.3	Trust: 1.0
vendor:	moxa	model:	uc-5101-lx	scope:	eq	version:	1.2	Trust: 1.0
vendor:	moxa	model:	uc-3101-t-ap-lx	scope:	lte	version:	2.0	Trust: 1.0
vendor:	moxa	model:	uc-8112a-me-t-lx	scope:	lte	version:	1.1	Trust: 1.0
vendor:	moxa	model:	uc-8220-t-lx-s	scope:	lte	version:	2.4	Trust: 1.0
vendor:	moxa	model:	uc-3111-t-ap-lx	scope:	lte	version:	2.0	Trust: 1.0
vendor:	moxa	model:	uc-8540-t-lx	scope:	lte	version:	1.2	Trust: 1.0
vendor:	moxa	model:	uc-8220-t-lx-eu-s	scope:	lte	version:	2.4	Trust: 1.0
vendor:	moxa	model:	uc-3121-t-eu-lx	scope:	gte	version:	1.2	Trust: 1.0
vendor:	moxa	model:	uc-8220-t-lx	scope:	gte	version:	1.0	Trust: 1.0
vendor:	moxa	model:	uc-2111-lx	scope:	lte	version:	1.5	Trust: 1.0
vendor:	moxa	model:	uc-2112-lx	scope:	lte	version:	1.5	Trust: 1.0
vendor:	moxa	model:	uc-8112-lx	scope:	eq	version:	1.2	Trust: 1.0
vendor:	moxa	model:	uc-3111-t-us-lx	scope:	lte	version:	2.0	Trust: 1.0
vendor:	moxa	model:	uc-5101-t-lx	scope:	eq	version:	1.2	Trust: 1.0
vendor:	moxa	model:	uc-8210-t-lx-s	scope:	gte	version:	1.0	Trust: 1.0
vendor:	moxa	model:	uc-3111-t-eu-lx	scope:	gte	version:	1.2	Trust: 1.0
vendor:	moxa	model:	uc-3111-t-ap-lx-nw	scope:	gte	version:	1.2	Trust: 1.0
vendor:	moxa	model:	uc-8540-t-lx	scope:	gte	version:	1.0	Trust: 1.0
vendor:	moxa	model:	uc-5111-lx	scope:	eq	version:	1.2	Trust: 1.0
vendor:	moxa	model:	uc-2114-t-lx	scope:	eq	version:	-	Trust: 1.0
vendor:	moxa	model:	uc-3111-t-us-lx-nw	scope:	gte	version:	1.2	Trust: 1.0
vendor:	moxa	model:	uc-2102-t-lx	scope:	lte	version:	1.5	Trust: 1.0
vendor:	moxa	model:	uc-3111-t-us-lx-nw	scope:	lte	version:	2.0	Trust: 1.0
vendor:	moxa	model:	uc-8112a-me-t-lx	scope:	gte	version:	1.0	Trust: 1.0
vendor:	moxa	model:	uc-8220-t-lx	scope:	lte	version:	2.4	Trust: 1.0
vendor:	moxa	model:	uc-8410a-nw-t-lx	scope:	eq	version:	2.2	Trust: 1.0
vendor:	moxa	model:	uc-8580-t-ct-q-lx	scope:	eq	version:	1.1	Trust: 1.0
vendor:	moxa	model:	uc-5102-lx	scope:	eq	version:	1.2	Trust: 1.0
vendor:	moxa	model:	uc-3111-t-eu-lx	scope:	lte	version:	2.0	Trust: 1.0
vendor:	moxa	model:	uc-3101-t-us-lx	scope:	gte	version:	1.2	Trust: 1.0
vendor:	moxa	model:	uc-3111-t-ap-lx-nw	scope:	lte	version:	2.0	Trust: 1.0
vendor:	moxa	model:	uc-5112-t-lx	scope:	eq	version:	1.2	Trust: 1.0
vendor:	moxa	model:	uc-5102-t-lx	scope:	eq	version:	1.2	Trust: 1.0

sources: NVD: CVE-2023-1257

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2023-1257
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202303-484
value:	MEDIUM
Trust: 0.6

NVD:	CVE-2023-1257
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.9
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNNVD: CNNVD-202303-484 // NVD: CVE-2023-1257

PROBLEMTYPE DATA

problemtype:

CWE-1263

Trust: 1.0

sources: NVD: CVE-2023-1257

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202303-484

CONFIGURATIONS

sources: NVD: CVE-2023-1257

PATCH

title:

Moxa UC Security vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqbyid.tag?id=228999

Trust: 0.6

sources: CNNVD: CNNVD-202303-484

EXTERNAL IDS

db:	ICS CERT	id:	ICSA-22-333-04	Trust: 1.7
db:	NVD	id:	CVE-2023-1257	Trust: 1.7
db:	CNNVD	id:	CNNVD-202303-484	Trust: 0.6
db:	VULMON	id:	CVE-2023-1257	Trust: 0.1

sources: VULMON: CVE-2023-1257 // CNNVD: CNNVD-202303-484 // NVD: CVE-2023-1257

REFERENCES

url:	https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-04	Trust: 1.7
url:	https://cxsecurity.com/cveshow/cve-2023-1257/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/1263.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2023-1257 // CNNVD: CNNVD-202303-484 // NVD: CVE-2023-1257

SOURCES

db:	VULMON	id:	CVE-2023-1257
db:	CNNVD	id:	CNNVD-202303-484
db:	NVD	id:	CVE-2023-1257

LAST UPDATE DATE

2023-03-15T22:28:37.169000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2023-1257	date:	2023-03-07T00:00:00
db:	CNNVD	id:	CNNVD-202303-484	date:	2023-03-15T00:00:00
db:	NVD	id:	CVE-2023-1257	date:	2023-03-14T19:25:00

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2023-1257	date:	2023-03-07T00:00:00
db:	CNNVD	id:	CNNVD-202303-484	date:	2023-03-07T00:00:00
db:	NVD	id:	CVE-2023-1257	date:	2023-03-07T17:15:00