Skip to main content

Microsoft CVE-2026-4483

| EUVDEUVD-2026-20111 HIGH
Exposed IOCTL with Insufficient Access Control (CWE-782)
2026-04-08 Moxa
7.0
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.0 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

6
Analysis Updated
Apr 16, 2026 - 06:02 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
1.4.0,1.5.0
EUVD ID Assigned
Apr 08, 2026 - 07:45 euvd
EUVD-2026-20111
Analysis Generated
Apr 08, 2026 - 07:45 vuln.today
CVE Published
Apr 08, 2026 - 07:25 nvd
HIGH 7.0

DescriptionCVE.org

An exposed IOCTL with an  insufficient access control vulnerability has been identified in the utility, MxGeneralIo, for Moxa’s industrial x86 computers. The affected utility, MxGeneralIo, exposes IOCTL methods that permit direct read and write access to MSR and system memory. A local attacker with high privileges could abuse these interfaces to perform unauthorized operations. Successful exploitation may result in privilege escalation on Windows 7 systems or cause a system crash (BSoD) on Windows 10 and 11 systems, leading to a denial-of-service condition. The vulnerability could slightly affect the confidentiality and integrity of the device, but availability might be heavily impacted. No impact to the subsequent system has been identified.

AnalysisAI

Moxa MxGeneralIo utility versions prior to 1.4.0/1.5.0 expose IOCTL interfaces allowing authenticated high-privilege local attackers to directly access Model-Specific Registers (MSR) and system memory, enabling privilege escalation on Windows 7 or denial-of-service crashes (BSoD) on Windows 10/11. While CVSS 7.0 reflects high availability impact and network attack vector classification, the actual exploit requires local high-privilege access (PR:H), significantly reducing practical risk. No confirmed active exploitation (not in CISA KEV) or public proof-of-concept has been identified at time of analysis, though vendor advisory confirms patch availability.

Technical ContextAI

This vulnerability stems from CWE-782 (Exposed IOCTL with Insufficient Access Control) in Moxa's MxGeneralIo driver utility, designed for industrial x86 computers. The affected component exposes Input/Output Control (IOCTL) interfaces-privileged kernel-mode communication channels between user applications and device drivers. These specific IOCTLs permit direct manipulation of CPU Model-Specific Registers (MSRs) and raw system memory without adequate permission validation beyond initial high-privilege authentication. MSR access allows control over low-level processor features including performance counters, power management, and security configurations, while unrestricted memory access enables reading/writing arbitrary kernel memory. The CPE identifiers confirm impact to Moxa MxGeneralIo utility across versions below 1.4.0 and 1.5.0, suggesting multiple product lines. Operating system behavior differs significantly: Windows 7's weaker kernel protections permit privilege escalation to SYSTEM level, while Windows 10/11 enhanced security features (Kernel Patch Protection, Driver Signature Enforcement) cause system instability and Blue Screen of Death crashes when unauthorized kernel memory modifications are attempted.

RemediationAI

Moxa has released patched versions addressing this IOCTL exposure vulnerability. Organizations should immediately upgrade MxGeneralIo utility to version 1.4.0 or 1.5.0 (depending on product branch) or later versions as specified in the vendor security advisory available at https://www.moxa.com/en/support/product-support/security-advisory/mpsa-254811-cve-2026-4483-exposed-ioctl-with-insufficient-access-control-vulnerability-in-the-utility-for-x86-computers. The advisory provides specific patched versions for different Moxa industrial computer models and download links for authorized updates. Since the vulnerability requires high-privilege local access, interim risk reduction measures include restricting administrative account usage through principle of least privilege, enabling Windows User Account Control (UAC), monitoring for unauthorized driver installations, and implementing application whitelisting to prevent execution of unauthorized utilities that might interact with the vulnerable IOCTLs. Organizations still operating Windows 7 systems should prioritize migration to supported operating systems as privilege escalation represents higher risk on legacy platforms. No effective workaround exists beyond access control hardening, making vendor patch deployment the only complete remediation.

Share

CVE-2026-4483 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy