Uc 1200A Series
Monthly
Disk encryption bypass in Moxa UC-1200A series industrial computers allows an attacker with invasive physical access to recover the LUKS disk encryption key by sniffing the SPI bus between the CPU and TPM2 chip. The flaw is an incomplete fix for CVE-2026-0714 - Moxa added TPM2 parameter encryption but misconfigured the authorization session so the encryption provides no real protection. No public exploit identified at time of analysis, and the CVSS 4.0 vector (AV:P) reflects that exploitation is bounded to attackers who can physically open the device.
Disk encryption bypass in Moxa UC-1200A series industrial computers allows an attacker with invasive physical access to recover the LUKS disk encryption key by sniffing the SPI bus between the CPU and TPM2 chip. The flaw is an incomplete fix for CVE-2026-0714 - Moxa added TPM2 parameter encryption but misconfigured the authorization session so the encryption provides no real protection. No public exploit identified at time of analysis, and the CVSS 4.0 vector (AV:P) reflects that exploitation is bounded to attackers who can physically open the device.