Description
Moxa Arm-based industrial computers running Moxa Industrial Linux Secure use a device-unique bootloader password provided on the device. An attacker with physical access to the device could use this information to access the bootloader menu via a serial interface.  Access to the bootloader menu does not allow full system takeover or privilege escalation. The bootloader enforces digital signature verification and only permits flashing of Moxa-signed images. As a result, an attacker cannot install malicious firmware or execute arbitrary code. The primary impact is limited to a potential temporary denial-of-service condition if a valid image is reflashed. Remote exploitation is not possible.
Published: 2026-02-05
Score: 7 High
EPSS: < 1% Very Low
KEV: No
Impact: Temporary Denial of Service via bootloader password bypass
Action: Patch
AI Analysis

Impact

The vulnerability exists because Moxa Arm‑based industrial computers use a device‑unique bootloader password that is printed on the device. An attacker with physical access could connect to the serial interface and enter this password to reach the bootloader menu. The menu only allows the installation of firmware that passes digital signature verification, so the attacker cannot install malicious firmware or obtain elevated privileges. Nevertheless, using the menu to reflash a valid image can cause a temporary denial‑of‑service if the image is not properly aligned with operational requirements. Remote exploitation is not possible.

Affected Systems

The vulnerability affects the Moxa UC‑1200A series of industrial computers that run Moxa Industrial Linux Secure. The advisory lists a broad set of other Moxa UC products, but the specific impact is tied to the UC‑1200A series where the device‑unique bootloader password is used.

Risk and Exploitability

The CVSS score is 7, reflecting a moderate severity. EPSS is less than 1%, indicating a very low likelihood of exploitation in the wild. The vulnerability is not present in CISA’s KEV catalog. Exploitation requires physical access to the device and connection to its serial console, making it much harder to achieve than a remote attack. The primary risk is a short‑lived denial of service if an attacker reboots or restores firmware with a valid image, but it cannot be used to compromise firmware integrity or execute arbitrary code.

Generated by OpenCVE AI on April 18, 2026 at 13:40 UTC.

Remediation

Vendor Solution

Refer to  https://www.moxa.com/en/support/product-support/security-advisory/mpsa-255121-cve-2026-0714-cve-2026... https://www.moxa.com/en/support/product-support/security-advisory/mpsa-255121-cve-2026-0714-cve-2026-0715-multiple-vulnerabilities-in-industrial-computers

OpenCVE Recommended Actions

  • Apply the firmware update provided by Moxa in the referenced security advisory
  • After patching, verify that the serial console is unavailable to unauthorized users or physically secured
  • If a firmware update cannot be applied immediately, tightly restrict or lock physical access to the device’s serial port to prevent bootloader access

Generated by OpenCVE AI on April 18, 2026 at 13:40 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 18 Apr 2026 14:00:00 +0000

Type Values Removed Values Added
Title Bootloader Password Disclosure Allows Physical Device Denial-of-Service

Wed, 18 Feb 2026 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Moxa uc-1222a
Moxa uc-1222a Firmware
Moxa uc-2222a-t
Moxa uc-2222a-t-ap
Moxa uc-2222a-t-ap Firmware
Moxa uc-2222a-t-eu
Moxa uc-2222a-t-eu Firmware
Moxa uc-2222a-t-us
Moxa uc-2222a-t-us Firmware
Moxa uc-2222a-t Firmware
Moxa uc-3420a-t-lte
Moxa uc-3420a-t-lte Firmware
Moxa uc-3424a-t-lte
Moxa uc-3424a-t-lte Firmware
Moxa uc-3430a-t-lte-wifi
Moxa uc-3430a-t-lte-wifi Firmware
Moxa uc-3434a-t-lte-wifi
Moxa uc-3434a-t-lte-wifi Firmware
Moxa uc-4410a-t
Moxa uc-4410a-t Firmware
Moxa uc-4414a-i-t
Moxa uc-4414a-i-t Firmware
Moxa uc-4430a-t
Moxa uc-4430a-t Firmware
Moxa uc-4434a-i-t
Moxa uc-4434a-i-t Firmware
Moxa uc-4450a-t-5g
Moxa uc-4450a-t-5g Firmware
Moxa uc-4454a-t-5g
Moxa uc-4454a-t-5g Firmware
Moxa uc-8210-t-lx-s
Moxa uc-8210-t-lx-s Firmware
Moxa uc-8220-t-lx
Moxa uc-8220-t-lx-ap-s
Moxa uc-8220-t-lx-ap-s Firmware
Moxa uc-8220-t-lx-eu-s
Moxa uc-8220-t-lx-eu-s Firmware
Moxa uc-8220-t-lx-us-s
Moxa uc-8220-t-lx-us-s Firmware
Moxa uc-8220-t-lx Firmware
Moxa v1202-ct-t
Moxa v1202-ct-t Firmware
Moxa v1222-ct-t
Moxa v1222-ct-t Firmware
Moxa v1222-w-ct-t
Moxa v1222-w-ct-t Firmware
Moxa v2406c-kl1-ct-t
Moxa v2406c-kl1-ct-t Firmware
Moxa v2406c-kl1-t
Moxa v2406c-kl1-t Firmware
Moxa v2406c-kl3-t
Moxa v2406c-kl3-t Firmware
Moxa v2406c-kl5-t
Moxa v2406c-kl5-t Firmware
Moxa v2406c-kl7-ct-t
Moxa v2406c-kl7-ct-t Firmware
Moxa v2406c-kl7-t
Moxa v2406c-kl7-t Firmware
Moxa v2406c-wl1-ct-t
Moxa v2406c-wl1-ct-t Firmware
Moxa v2406c-wl1-t
Moxa v2406c-wl1-t Firmware
Moxa v2406c-wl3-t
Moxa v2406c-wl3-t Firmware
Moxa v2406c-wl5-t
Moxa v2406c-wl5-t Firmware
Moxa v2406c-wl7-ct-t
Moxa v2406c-wl7-ct-t Firmware
Moxa v2406c-wl7-t
Moxa v2406c-wl7-t Firmware
CPEs cpe:2.3:h:moxa:uc-1222a:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:uc-2222a-t-ap:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:uc-2222a-t-eu:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:uc-2222a-t-us:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:uc-2222a-t:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:uc-3420a-t-lte:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:uc-3424a-t-lte:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:uc-3430a-t-lte-wifi:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:uc-3434a-t-lte-wifi:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:uc-4410a-t:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:uc-4414a-i-t:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:uc-4430a-t:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:uc-4434a-i-t:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:uc-4450a-t-5g:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:uc-4454a-t-5g:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:uc-8210-t-lx-s:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:uc-8220-t-lx-ap-s:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:uc-8220-t-lx-eu-s:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:uc-8220-t-lx-us-s:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:uc-8220-t-lx:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:v1202-ct-t:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:v1222-ct-t:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:v1222-w-ct-t:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:v2406c-kl1-ct-t:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:v2406c-kl1-t:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:v2406c-kl3-t:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:v2406c-kl5-t:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:v2406c-kl7-ct-t:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:v2406c-kl7-t:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:v2406c-wl1-ct-t:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:v2406c-wl1-t:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:v2406c-wl3-t:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:v2406c-wl5-t:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:v2406c-wl7-ct-t:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:v2406c-wl7-t:-:*:*:*:*:*:*:*
cpe:2.3:o:moxa:uc-1222a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:uc-2222a-t-ap_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:uc-2222a-t-eu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:uc-2222a-t-us_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:uc-2222a-t_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:uc-3420a-t-lte_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:uc-3424a-t-lte_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:uc-3430a-t-lte-wifi_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:uc-3434a-t-lte-wifi_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:uc-4410a-t_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:uc-4414a-i-t_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:uc-4430a-t_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:uc-4434a-i-t_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:uc-4450a-t-5g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:uc-4454a-t-5g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:uc-8210-t-lx-s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:uc-8220-t-lx-ap-s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:uc-8220-t-lx-eu-s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:uc-8220-t-lx-us-s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:uc-8220-t-lx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:v1202-ct-t_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:v1222-ct-t_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:v1222-w-ct-t_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:v2406c-kl1-ct-t_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:v2406c-kl1-t_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:v2406c-kl3-t_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:v2406c-kl5-t_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:v2406c-kl7-ct-t_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:v2406c-kl7-t_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:v2406c-wl1-ct-t_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:v2406c-wl1-t_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:v2406c-wl3-t_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:v2406c-wl5-t_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:v2406c-wl7-ct-t_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:v2406c-wl7-t_firmware:*:*:*:*:*:*:*:*
Vendors & Products Moxa uc-1222a
Moxa uc-1222a Firmware
Moxa uc-2222a-t
Moxa uc-2222a-t-ap
Moxa uc-2222a-t-ap Firmware
Moxa uc-2222a-t-eu
Moxa uc-2222a-t-eu Firmware
Moxa uc-2222a-t-us
Moxa uc-2222a-t-us Firmware
Moxa uc-2222a-t Firmware
Moxa uc-3420a-t-lte
Moxa uc-3420a-t-lte Firmware
Moxa uc-3424a-t-lte
Moxa uc-3424a-t-lte Firmware
Moxa uc-3430a-t-lte-wifi
Moxa uc-3430a-t-lte-wifi Firmware
Moxa uc-3434a-t-lte-wifi
Moxa uc-3434a-t-lte-wifi Firmware
Moxa uc-4410a-t
Moxa uc-4410a-t Firmware
Moxa uc-4414a-i-t
Moxa uc-4414a-i-t Firmware
Moxa uc-4430a-t
Moxa uc-4430a-t Firmware
Moxa uc-4434a-i-t
Moxa uc-4434a-i-t Firmware
Moxa uc-4450a-t-5g
Moxa uc-4450a-t-5g Firmware
Moxa uc-4454a-t-5g
Moxa uc-4454a-t-5g Firmware
Moxa uc-8210-t-lx-s
Moxa uc-8210-t-lx-s Firmware
Moxa uc-8220-t-lx
Moxa uc-8220-t-lx-ap-s
Moxa uc-8220-t-lx-ap-s Firmware
Moxa uc-8220-t-lx-eu-s
Moxa uc-8220-t-lx-eu-s Firmware
Moxa uc-8220-t-lx-us-s
Moxa uc-8220-t-lx-us-s Firmware
Moxa uc-8220-t-lx Firmware
Moxa v1202-ct-t
Moxa v1202-ct-t Firmware
Moxa v1222-ct-t
Moxa v1222-ct-t Firmware
Moxa v1222-w-ct-t
Moxa v1222-w-ct-t Firmware
Moxa v2406c-kl1-ct-t
Moxa v2406c-kl1-ct-t Firmware
Moxa v2406c-kl1-t
Moxa v2406c-kl1-t Firmware
Moxa v2406c-kl3-t
Moxa v2406c-kl3-t Firmware
Moxa v2406c-kl5-t
Moxa v2406c-kl5-t Firmware
Moxa v2406c-kl7-ct-t
Moxa v2406c-kl7-ct-t Firmware
Moxa v2406c-kl7-t
Moxa v2406c-kl7-t Firmware
Moxa v2406c-wl1-ct-t
Moxa v2406c-wl1-ct-t Firmware
Moxa v2406c-wl1-t
Moxa v2406c-wl1-t Firmware
Moxa v2406c-wl3-t
Moxa v2406c-wl3-t Firmware
Moxa v2406c-wl5-t
Moxa v2406c-wl5-t Firmware
Moxa v2406c-wl7-ct-t
Moxa v2406c-wl7-ct-t Firmware
Moxa v2406c-wl7-t
Moxa v2406c-wl7-t Firmware
Metrics cvssV3_1

{'score': 6.8, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Fri, 06 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Moxa
Moxa uc-1200a Series
Vendors & Products Moxa
Moxa uc-1200a Series

Thu, 05 Feb 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 05 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
Description Moxa Arm-based industrial computers running Moxa Industrial Linux Secure use a device-unique bootloader password provided on the device. An attacker with physical access to the device could use this information to access the bootloader menu via a serial interface.  Access to the bootloader menu does not allow full system takeover or privilege escalation. The bootloader enforces digital signature verification and only permits flashing of Moxa-signed images. As a result, an attacker cannot install malicious firmware or execute arbitrary code. The primary impact is limited to a potential temporary denial-of-service condition if a valid image is reflashed. Remote exploitation is not possible.
Weaknesses CWE-522
References
Metrics cvssV4_0

{'score': 7, 'vector': 'CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Moxa Uc-1200a Series Uc-1222a Uc-1222a Firmware Uc-2222a-t Uc-2222a-t-ap Uc-2222a-t-ap Firmware Uc-2222a-t-eu Uc-2222a-t-eu Firmware Uc-2222a-t-us Uc-2222a-t-us Firmware Uc-2222a-t Firmware Uc-3420a-t-lte Uc-3420a-t-lte Firmware Uc-3424a-t-lte Uc-3424a-t-lte Firmware Uc-3430a-t-lte-wifi Uc-3430a-t-lte-wifi Firmware Uc-3434a-t-lte-wifi Uc-3434a-t-lte-wifi Firmware Uc-4410a-t Uc-4410a-t Firmware Uc-4414a-i-t Uc-4414a-i-t Firmware Uc-4430a-t Uc-4430a-t Firmware Uc-4434a-i-t Uc-4434a-i-t Firmware Uc-4450a-t-5g Uc-4450a-t-5g Firmware Uc-4454a-t-5g Uc-4454a-t-5g Firmware Uc-8210-t-lx-s Uc-8210-t-lx-s Firmware Uc-8220-t-lx Uc-8220-t-lx-ap-s Uc-8220-t-lx-ap-s Firmware Uc-8220-t-lx-eu-s Uc-8220-t-lx-eu-s Firmware Uc-8220-t-lx-us-s Uc-8220-t-lx-us-s Firmware Uc-8220-t-lx Firmware V1202-ct-t V1202-ct-t Firmware V1222-ct-t V1222-ct-t Firmware V1222-w-ct-t V1222-w-ct-t Firmware V2406c-kl1-ct-t V2406c-kl1-ct-t Firmware V2406c-kl1-t V2406c-kl1-t Firmware V2406c-kl3-t V2406c-kl3-t Firmware V2406c-kl5-t V2406c-kl5-t Firmware V2406c-kl7-ct-t V2406c-kl7-ct-t Firmware V2406c-kl7-t V2406c-kl7-t Firmware V2406c-wl1-ct-t V2406c-wl1-ct-t Firmware V2406c-wl1-t V2406c-wl1-t Firmware V2406c-wl3-t V2406c-wl3-t Firmware V2406c-wl5-t V2406c-wl5-t Firmware V2406c-wl7-ct-t V2406c-wl7-ct-t Firmware V2406c-wl7-t V2406c-wl7-t Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: Moxa

Published:

Updated: 2026-02-05T17:34:04.225Z

Reserved: 2026-01-08T10:25:24.767Z

Link: CVE-2026-0715

cve-icon Vulnrichment

Updated: 2026-02-05T17:33:58.065Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-05T17:16:13.333

Modified: 2026-02-18T17:51:47.677

Link: CVE-2026-0715

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T13:45:45Z

Weaknesses