TROYANOSYVIRUS
Back to CVEs

CVE-2026-0715

MEDIUM
6.8

Description

Moxa Arm-based industrial computers running Moxa Industrial Linux Secure use a device-unique bootloader password provided on the device. An attacker with physical access to the device could use this information to access the bootloader menu via a serial interface.  Access to the bootloader menu does not allow full system takeover or privilege escalation. The bootloader enforces digital signature verification and only permits flashing of Moxa-signed images. As a result, an attacker cannot install malicious firmware or execute arbitrary code. The primary impact is limited to a potential temporary denial-of-service condition if a valid image is reflashed. Remote exploitation is not possible.

CVE Details

CVSS v3.1 Score6.8
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorPHYSICAL
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published2/5/2026
Last Modified2/18/2026
Sourcenvd
Honeypot Sightings0

Affected Products

moxa:uc-1222amoxa:uc-1222a_firmwaremoxa:uc-2222a-tmoxa:uc-2222a-t-apmoxa:uc-2222a-t-ap_firmwaremoxa:uc-2222a-t-eumoxa:uc-2222a-t-eu_firmwaremoxa:uc-2222a-t-usmoxa:uc-2222a-t-us_firmwaremoxa:uc-2222a-t_firmwaremoxa:uc-3420a-t-ltemoxa:uc-3420a-t-lte_firmwaremoxa:uc-3424a-t-ltemoxa:uc-3424a-t-lte_firmwaremoxa:uc-3430a-t-lte-wifimoxa:uc-3430a-t-lte-wifi_firmwaremoxa:uc-3434a-t-lte-wifimoxa:uc-3434a-t-lte-wifi_firmwaremoxa:uc-4410a-tmoxa:uc-4410a-t_firmwaremoxa:uc-4414a-i-tmoxa:uc-4414a-i-t_firmwaremoxa:uc-4430a-tmoxa:uc-4430a-t_firmwaremoxa:uc-4434a-i-tmoxa:uc-4434a-i-t_firmwaremoxa:uc-4450a-t-5gmoxa:uc-4450a-t-5g_firmwaremoxa:uc-4454a-t-5gmoxa:uc-4454a-t-5g_firmwaremoxa:uc-8210-t-lx-smoxa:uc-8210-t-lx-s_firmwaremoxa:uc-8220-t-lxmoxa:uc-8220-t-lx-ap-smoxa:uc-8220-t-lx-ap-s_firmwaremoxa:uc-8220-t-lx-eu-smoxa:uc-8220-t-lx-eu-s_firmwaremoxa:uc-8220-t-lx-us-smoxa:uc-8220-t-lx-us-s_firmwaremoxa:uc-8220-t-lx_firmwaremoxa:v1202-ct-tmoxa:v1202-ct-t_firmwaremoxa:v1222-ct-tmoxa:v1222-ct-t_firmwaremoxa:v1222-w-ct-tmoxa:v1222-w-ct-t_firmwaremoxa:v2406c-kl1-ct-tmoxa:v2406c-kl1-ct-t_firmwaremoxa:v2406c-kl1-tmoxa:v2406c-kl1-t_firmwaremoxa:v2406c-kl3-tmoxa:v2406c-kl3-t_firmwaremoxa:v2406c-kl5-tmoxa:v2406c-kl5-t_firmwaremoxa:v2406c-kl7-ct-tmoxa:v2406c-kl7-ct-t_firmwaremoxa:v2406c-kl7-tmoxa:v2406c-kl7-t_firmwaremoxa:v2406c-wl1-ct-tmoxa:v2406c-wl1-ct-t_firmwaremoxa:v2406c-wl1-tmoxa:v2406c-wl1-t_firmwaremoxa:v2406c-wl3-tmoxa:v2406c-wl3-t_firmwaremoxa:v2406c-wl5-tmoxa:v2406c-wl5-t_firmwaremoxa:v2406c-wl7-ct-tmoxa:v2406c-wl7-ct-t_firmwaremoxa:v2406c-wl7-tmoxa:v2406c-wl7-t_firmware

Weaknesses (CWE)

CWE-522

References

https://www.moxa.com/en/support/product-support/security-advisory/mpsa-255121-cve-2026-0714-cve-2026-0715-multiple-vulnerabilities-in-industrial-computers(psirt@moxa.com)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.