V1222 Ct T Firmware
CVE-2026-0714
MEDIUM
Severity by source
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and attaching external equipment to the SPI bus to capture TPM communications. If successful, the captured data may allow offline decryption of eMMC contents. This attack cannot be performed through brief or opportunistic physical access and requires extended physical access, possession of the device, appropriate equipment, and sufficient time for signal capture and analysis. Remote exploitation is not possible.
AnalysisAI
TPM-backed LUKS encryption bypass in Moxa Industrial Linux 3 on select industrial computers allows an attacker with invasive physical access to the SPI bus to intercept TPM communications and decrypt eMMC storage contents offline. This attack requires opening the device and connecting specialized equipment for extended signal capture, making it impractical for opportunistic access scenarios. Affected products include V1222 Ct T, Uc 3430a T Lte Wifi, Uc 8220 T Lx, and Uc 4414a I T firmware variants.
Technical ContextAI
Classified as CWE-319 (Cleartext Transmission of Sensitive Information). Affects Uc-1222A Firmware. A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and attaching external equipment to the SPI bus to capture TPM communications. If successful, the captured data may allow offline decryption of eMMC contents. This attack cannot be performed through brief or oppor
RemediationAI
Monitor vendor advisories for a patch.
More in V1222 Ct T Firmware
View allShare
External POC / Exploit Code
Leaving vuln.today