Sign-up

ID

VAR-202303-0165


CVE

CVE-2023-1257


TITLE

plural  Moxa Inc.  Vulnerabilities related to improper physical access controls in products

Trust: 0.8

sources: JVNDB: JVNDB-2023-005117

DESCRIPTION

An attacker with physical access to the affected Moxa UC Series devices can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the device’s authentication files to create a new user and gain full access to the system. UC-2101-LX firmware, UC-2102-LX firmware, UC-2102-T-LX firmware etc. Moxa Inc. The product contains a vulnerability related to improper physical access control.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2023-1257 // JVNDB: JVNDB-2023-005117 // VULMON: CVE-2023-1257

AFFECTED PRODUCTS

vendor:moxamodel:uc-2102-lxscope:lteversion:1.5

Trust: 1.0

vendor:moxamodel:uc-8540-t-ct-lxscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-2111-lxscope:gteversion:1.3

Trust: 1.0

vendor:moxamodel:uc-3101-t-us-lxscope:gteversion:1.2

Trust: 1.0

vendor:moxamodel:uc-3111-t-eu-lxscope:gteversion:1.2

Trust: 1.0

vendor:moxamodel:uc-8210-t-lx-sscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-8580-lxscope:eqversion:1.1

Trust: 1.0

vendor:moxamodel:uc-8410a-t-lxscope:eqversion:2.2

Trust: 1.0

vendor:moxamodel:uc-8580-t-ct-q-lxscope:eqversion:1.1

Trust: 1.0

vendor:moxamodel:uc-2112-lxscope:lteversion:1.5

Trust: 1.0

vendor:moxamodel:uc-2102-t-lxscope:lteversion:1.5

Trust: 1.0

vendor:moxamodel:uc-3111-t-ap-lxscope:gteversion:1.2

Trust: 1.0

vendor:moxamodel:uc-3101-t-us-lxscope:lteversion:2.0

Trust: 1.0

vendor:moxamodel:uc-3111-t-eu-lxscope:lteversion:2.0

Trust: 1.0

vendor:moxamodel:uc-3111-t-us-lx-nwscope:gteversion:1.2

Trust: 1.0

vendor:moxamodel:uc-8162-lxscope:eqversion:1.2

Trust: 1.0

vendor:moxamodel:uc-3111-t-us-lxscope:lteversion:2.0

Trust: 1.0

vendor:moxamodel:uc-3121-t-us-lxscope:gteversion:1.2

Trust: 1.0

vendor:moxamodel:uc-3121-t-ap-lxscope:gteversion:1.2

Trust: 1.0

vendor:moxamodel:uc-8220-t-lx-eu-sscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-3111-t-us-lx-nwscope:lteversion:2.0

Trust: 1.0

vendor:moxamodel:uc-2114-t-lxscope:gteversion:1.3

Trust: 1.0

vendor:moxamodel:uc-8220-t-lx-ap-sscope:lteversion:2.4

Trust: 1.0

vendor:moxamodel:uc-8540-lxscope:lteversion:1.2

Trust: 1.0

vendor:moxamodel:uc-8220-t-lx-sscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-8580-t-ct-lxscope:eqversion:1.1

Trust: 1.0

vendor:moxamodel:uc-8410a-nw-lxscope:eqversion:2.2

Trust: 1.0

vendor:moxamodel:uc-2104-lxscope:lteversion:1.5

Trust: 1.0

vendor:moxamodel:uc-3111-t-eu-lx-nwscope:lteversion:2.0

Trust: 1.0

vendor:moxamodel:uc-8112-me-t-lxscope:lteversion:1.1

Trust: 1.0

vendor:moxamodel:uc-3121-t-ap-lxscope:lteversion:2.0

Trust: 1.0

vendor:moxamodel:uc-5112-t-lxscope:eqversion:1.2

Trust: 1.0

vendor:moxamodel:uc-8540-lxscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-3101-t-eu-lxscope:gteversion:1.2

Trust: 1.0

vendor:moxamodel:uc-8112-me-t-lxscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-8220-t-lx-ap-sscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-8410a-nw-t-lxscope:eqversion:2.2

Trust: 1.0

vendor:moxamodel:uc-2102-t-lxscope:gteversion:1.3

Trust: 1.0

vendor:moxamodel:uc-5112-lxscope:eqversion:1.2

Trust: 1.0

vendor:moxamodel:uc-3101-t-ap-lxscope:gteversion:1.2

Trust: 1.0

vendor:moxamodel:uc-8410a-lxscope:eqversion:2.2

Trust: 1.0

vendor:moxamodel:uc-5101-t-lxscope:eqversion:1.2

Trust: 1.0

vendor:moxamodel:uc-2114-t-lxscope:eqversion: -

Trust: 1.0

vendor:moxamodel:uc-2116-t-lxscope:lteversion:1.5

Trust: 1.0

vendor:moxamodel:uc-5111-t-lxscope:eqversion:1.2

Trust: 1.0

vendor:moxamodel:uc-8580-q-lxscope:eqversion:1.1

Trust: 1.0

vendor:moxamodel:uc-8540-t-lxscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-2101-lxscope:gteversion:1.3

Trust: 1.0

vendor:moxamodel:uc-8540-t-lxscope:lteversion:1.2

Trust: 1.0

vendor:moxamodel:uc-2104-lxscope:gteversion:1.3

Trust: 1.0

vendor:moxamodel:uc-3111-t-ap-lx-nwscope:gteversion:1.2

Trust: 1.0

vendor:moxamodel:uc-8220-t-lxscope:lteversion:2.4

Trust: 1.0

vendor:moxamodel:uc-8220-t-lx-eu-sscope:lteversion:2.4

Trust: 1.0

vendor:moxamodel:uc-8112-me-t-lx1scope:lteversion:1.1

Trust: 1.0

vendor:moxamodel:uc-8220-t-lx-sscope:lteversion:2.4

Trust: 1.0

vendor:moxamodel:uc-5102-lxscope:eqversion:1.2

Trust: 1.0

vendor:moxamodel:uc-2116-t-lxscope:gteversion:1.3

Trust: 1.0

vendor:moxamodel:uc-8112a-me-t-lxscope:lteversion:1.1

Trust: 1.0

vendor:moxamodel:uc-3111-t-eu-lx-nwscope:gteversion:1.2

Trust: 1.0

vendor:moxamodel:uc-2102-lxscope:gteversion:1.3

Trust: 1.0

vendor:moxamodel:uc-8580-t-q-lxscope:eqversion:1.1

Trust: 1.0

vendor:moxamodel:uc-5111-lxscope:eqversion:1.2

Trust: 1.0

vendor:moxamodel:uc-8220-t-lxscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-3111-t-ap-lxscope:lteversion:2.0

Trust: 1.0

vendor:moxamodel:uc-8112a-me-t-lxscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-3121-t-eu-lxscope:gteversion:1.2

Trust: 1.0

vendor:moxamodel:uc-2101-lxscope:lteversion:1.5

Trust: 1.0

vendor:moxamodel:uc-2112-lxscope:gteversion:1.3

Trust: 1.0

vendor:moxamodel:uc-8112-me-t-lx1scope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-3121-t-us-lxscope:lteversion:2.0

Trust: 1.0

vendor:moxamodel:uc-2111-lxscope:lteversion:1.5

Trust: 1.0

vendor:moxamodel:uc-3111-t-ap-lx-nwscope:lteversion:2.0

Trust: 1.0

vendor:moxamodel:uc-8220-t-lx-us-sscope:lteversion:2.4

Trust: 1.0

vendor:moxamodel:uc-3121-t-eu-lxscope:lteversion:2.0

Trust: 1.0

vendor:moxamodel:uc-3101-t-eu-lxscope:lteversion:2.0

Trust: 1.0

vendor:moxamodel:uc-8112-lxscope:eqversion:1.2

Trust: 1.0

vendor:moxamodel:uc-8131-lxscope:eqversion:1.2

Trust: 1.0

vendor:moxamodel:uc-8210-t-lx-sscope:lteversion:2.4

Trust: 1.0

vendor:moxamodel:uc-5101-lxscope:eqversion:1.2

Trust: 1.0

vendor:moxamodel:uc-2114-t-lxscope:lteversion:1.5

Trust: 1.0

vendor:moxamodel:uc-8580-t-lxscope:eqversion:1.1

Trust: 1.0

vendor:moxamodel:uc-8132-lxscope:eqversion:1.2

Trust: 1.0

vendor:moxamodel:uc-3111-t-us-lxscope:gteversion:1.2

Trust: 1.0

vendor:moxamodel:uc-5102-t-lxscope:eqversion:1.2

Trust: 1.0

vendor:moxamodel:uc-8540-t-ct-lxscope:lteversion:1.2

Trust: 1.0

vendor:moxamodel:uc-3101-t-ap-lxscope:lteversion:2.0

Trust: 1.0

vendor:moxamodel:uc-8220-t-lx-us-sscope:gteversion:1.0

Trust: 1.0

vendor:moxamodel:uc-2112-lxscope: - version: -

Trust: 0.8

vendor:moxamodel:uc-3121-t-ap-lxscope: - version: -

Trust: 0.8

vendor:moxamodel:uc-2114-t-lxscope: - version: -

Trust: 0.8

vendor:moxamodel:uc-3111-t-eu-lx-nwscope: - version: -

Trust: 0.8

vendor:moxamodel:uc-3111-t-ap-lx-nwscope: - version: -

Trust: 0.8

vendor:moxamodel:uc-2116-t-lxscope: - version: -

Trust: 0.8

vendor:moxamodel:uc-2111-lxscope: - version: -

Trust: 0.8

vendor:moxamodel:uc-3101-t-us-lxscope: - version: -

Trust: 0.8

vendor:moxamodel:uc-3111-t-us-lxscope: - version: -

Trust: 0.8

vendor:moxamodel:uc-3101-t-ap-lxscope: - version: -

Trust: 0.8

vendor:moxamodel:uc-2104-lxscope: - version: -

Trust: 0.8

vendor:moxamodel:uc-2102-t-lxscope: - version: -

Trust: 0.8

vendor:moxamodel:uc-2102-lxscope: - version: -

Trust: 0.8

vendor:moxamodel:uc-3121-t-eu-lxscope: - version: -

Trust: 0.8

vendor:moxamodel:uc-3111-t-us-lx-nwscope: - version: -

Trust: 0.8

vendor:moxamodel:uc-3111-t-ap-lxscope: - version: -

Trust: 0.8

vendor:moxamodel:uc-2101-lxscope: - version: -

Trust: 0.8

vendor:moxamodel:uc-3101-t-eu-lxscope: - version: -

Trust: 0.8

vendor:moxamodel:uc-3111-t-eu-lxscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-005117 // NVD: CVE-2023-1257

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2023-1257
value: MEDIUM

Trust: 1.8

ics-cert@hq.dhs.gov: CVE-2023-1257
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202303-484
value: MEDIUM

Trust: 0.6

NVD:
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

ics-cert@hq.dhs.gov:
baseSeverity: HIGH
baseScore: 7.6
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2023-1257
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-005117 // NVD: CVE-2023-1257 // NVD: CVE-2023-1257 // CNNVD: CNNVD-202303-484

PROBLEMTYPE DATA

problemtype:inadequate physical access controls (CWE-1263) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-005117

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202303-484

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2023-1257

PATCH
title:Moxa UC Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=228999
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202303-484

EXTERNAL IDS
db:NVDid:CVE-2023-1257
Trust: 3.3
db:ICS CERTid:ICSA-22-333-04
Trust: 2.5
db:JVNDBid:JVNDB-2023-005117
Trust: 0.8
db:CNNVDid:CNNVD-202303-484
Trust: 0.6
db:VULMONid:CVE-2023-1257
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-1257 // 
            
            
            
            JVNDB: JVNDB-2023-005117 // 
            
            
            
            NVD: CVE-2023-1257 // 
            
            
            
            CNNVD: CNNVD-202303-484

REFERENCES
url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-04
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2023-1257
Trust: 0.8
url:https://cxsecurity.com/cveshow/cve-2023-1257/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/1263.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-1257 // 
            
            
            
            JVNDB: JVNDB-2023-005117 // 
            
            
            
            NVD: CVE-2023-1257 // 
            
            
            
            CNNVD: CNNVD-202303-484

SOURCES
db:VULMONid:CVE-2023-1257
db:JVNDBid:JVNDB-2023-005117
db:NVDid:CVE-2023-1257
db:CNNVDid:CNNVD-202303-484

LAST UPDATE DATE
2023-12-18T13:41:47.519000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2023-1257date:2023-03-07T00:00:00
db:JVNDBid:JVNDB-2023-005117date:2023-11-06T07:25:00
db:NVDid:CVE-2023-1257date:2023-11-07T04:02:56.573
db:CNNVDid:CNNVD-202303-484date:2023-03-15T00:00:00

SOURCES RELEASE DATE
db:VULMONid:CVE-2023-1257date:2023-03-07T00:00:00
db:JVNDBid:JVNDB-2023-005117date:2023-11-06T00:00:00
db:NVDid:CVE-2023-1257date:2023-03-07T17:15:12.527
db:CNNVDid:CNNVD-202303-484date:2023-03-07T00:00:00