Skip to main content

Uc 2101 Lx Firmware CVE-2022-3088

HIGH
Execution with Unnecessary Privileges (CWE-250)
2022-11-28 ics-cert@hq.dhs.gov
Privilege Escalation Debian Uc 2101 Lx Firmware Uc 2102 Lx Firmware Uc 2104 Lx Firmware Uc 2111 Lx Firmware Uc 2112 Lx Firmware Uc 2102 T Lx Firmware Uc 2114 T Lx Firmware Uc 2116 T Lx Firmware Uc 3101 T Us Lx Firmware Uc 3101 T Eu Lx Firmware Uc 3111 T Us Lx Firmware Uc 3111 T Eu Lx Firmware Uc 3121 T Us Lx Firmware Uc 3121 T Eu Lx Firmware Uc 3101 T Ap Lx Firmware Uc 3111 T Ap Lx Firmware Uc 3121 T Ap Lx Firmware Uc 3111 T Eu Lx Nw Firmware Uc 3111 T Ap Lx Nw Firmware Uc 3111 T Us Lx Nw Firmware Uc 5101 Lx Firmware Uc 5101 T Lx Firmware Uc 5102 Lx Firmware Uc 5102 T Lx Firmware Uc 5111 Lx Firmware Uc 5111 T Lx Firmware Uc 5112 Lx Firmware Uc 5112 T Lx Firmware Uc 8131 Lx Firmware Uc 8132 Lx Firmware Uc 8162 Lx Firmware Uc 8112 Lx Firmware Uc 8112 Me T Lx1 Firmware Uc 8112 Me T Lx Firmware Uc 8112A Me T Lx Firmware Uc 8220 T Lx S Firmware Uc 8220 T Lx Firmware Uc 8220 T Lx Us S Firmware Uc 8220 T Lx Eu S Firmware Uc 8220 T Lx Ap S Firmware Aig 301 T Us Azu Lx Firmware Aig 301 T Eu Azu Lx Firmware Aig 301 T Ap Azu Lx Firmware Aig 301 T Cn Azu Lx Firmware Aig 301 T Azu Lx Firmware Aig 301 Azu Lx Firmware Aig 301 Us Azu Lx Firmware Aig 301 Eu Azu Lx Firmware Aig 301 Ap Azu Lx Firmware Aig 301 Cn Azu Lx Firmware Uc 8410A Lx Firmware Uc 8410A T Lx Firmware Uc 8410A Nw Lx Firmware Uc 8410A Nw T Lx Firmware Uc 8580 Lx Firmware Uc 8580 T Lx Firmware Uc 8580 T Ct Lx Firmware Uc 8580 Q Lx Firmware Uc 8580 T Q Lx Firmware Uc 8580 T Ct Q Lx Firmware Uc 8540 Lx Firmware Uc 8540 T Lx Firmware Uc 8540 T Ct Lx Firmware Da 662C 16 Lx Firmware
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 28, 2022 - 22:15 nvd
HIGH 7.8

DescriptionNVD

UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v 1.12, UC-3100 System Image: Versions v1.0 to v1.6, UC-5100 System Image: Versions v1.0 to v1.4, UC-8100 System Image: Versions v3.0 to v3.5, UC-8100-ME-T System Image: Versions v3.0 and v3.1, UC-8200 System Image: v1.0 to v1.5, AIG-300 System Image: v1.0 to v1.4, UC-8410A with Debian 9 System Image: Versions v4.0.2 and v4.1.2, UC-8580 with Debian 9 System Image: Versions v2.0 and v2.1, UC-8540 with Debian 9 System Image: Versions v2.0 and v2.1, and DA-662C-16-LX (GLB) System Image: Versions v1.0.2 to v1.1.2 of Moxa's ARM-based computers have an execution with unnecessary privileges vulnerability, which could allow an attacker with user-level privileges to gain root privileges.

AnalysisAI

UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v 1.12, UC-3100 System Image: Versions v1.0 to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-250. UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v 1.12, UC-3100 System Image: Versions v1.0 to v1.6, UC-5100 System Image: Versions v1.0 to v1.4, UC-8100 System Image: Versions v3.0 to v3.5, UC-8100-ME-T System Image: Versions v3.0 and v3.1, UC-8200 System Image: v1.0 to v1.5, AIG-300 System Image: v1.0 to v1.4, UC-8410A with Debian 9 System Image: Versions v4.0.2 and v4.1.2, UC-8580 with Debian 9 System Image: Versions v2.0 and v2.1, UC-8540 with Debian 9 System Image: Versions v2.0 and v2.1, and DA-662C-16-LX (GLB) System Image: Versions v1.0.2 to v1.1.2 of Moxa's ARM-based computers have an execution with unnecessary privileges vulnerability, which could allow an attacker with user-level privileges to gain root privileges. Affected products include: Moxa Uc-2101-Lx Firmware, Moxa Uc-2102-Lx Firmware, Moxa Uc-2104-Lx Firmware, Moxa Uc-2111-Lx Firmware, Moxa Uc-2112-Lx Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2022-3088 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy