Cyber Resilience

CVE-2023-1257

High

Published: 07 March 2023

Published
07 March 2023
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 7.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0010 27.5th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-1257 is a high-severity an unspecified weakness vulnerability in Moxa Uc-2114-T-Lx Firmware. Its CVSS base score is 7.6 (High).

Operationally, ranked at the 27.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

An attacker with physical access to the affected Moxa UC Series devices can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From…

more

the terminal, the attacker can modify the device’s authentication files to create a new user and gain full access to the system.

CWE(s)
None listed

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

moxa
uc-2101-lx firmware
1.3 — 1.5
moxa
uc-2102-lx firmware
1.3 — 1.5
moxa
uc-2102-t-lx firmware
1.3 — 1.5
moxa
uc-2104-lx firmware
1.3 — 1.5
moxa
uc-2111-lx firmware
1.3 — 1.5
moxa
uc-2112-lx firmware
1.3 — 1.5
moxa
uc-2114-t-lx firmware
all versions · 1.3 — 1.5
moxa
uc-2116-t-lx firmware
1.3 — 1.5
moxa
uc-3101-t-ap-lx firmware
1.2 — 2.0
moxa
uc-3101-t-eu-lx firmware
1.2 — 2.0
+44 more product configuration(s) — see NVD for full list

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References