CVE-2026-0714 — MEDIUM (6.8)

Q: How severe is CVE-2026-0714?

CVE-2026-0714 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-0714?

Check the references section above for vendor advisories and patch information. Affected products include: Moxa Uc-1222A Firmware, Moxa Uc-1222A, Moxa Uc-2222A-T-Us Firmware, Moxa Uc-2222A-T-Us, Moxa Uc-2222A-T Firmware.

Vulnerability Description

A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and attaching external equipment to the SPI bus to capture TPM communications. If successful, the captured data may allow offline decryption of eMMC contents. This attack cannot be performed through brief or opportunistic physical access and requires extended physical access, possession of the device, appropriate equipment, and sufficient time for signal capture and analysis. Remote exploitation is not possible.

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Moxa	Uc-1222A Firmware	<= 1.4
Moxa	Uc-1222A	-
Moxa	Uc-2222A-T-Us Firmware	<= 1.4
Moxa	Uc-2222A-T-Us	-
Moxa	Uc-2222A-T Firmware	<= 1.4
Moxa	Uc-2222A-T	-
Moxa	Uc-2222A-T-Ap Firmware	<= 1.4
Moxa	Uc-2222A-T-Ap	-
Moxa	Uc-2222A-T-Eu Firmware	<= 1.4
Moxa	Uc-2222A-T-Eu	-
Moxa	Uc-3434A-T-Lte-Wifi Firmware	<= 1.2
Moxa	Uc-3434A-T-Lte-Wifi	-
Moxa	Uc-3424A-T-Lte Firmware	<= 1.2
Moxa	Uc-3424A-T-Lte	-
Moxa	Uc-3420A-T-Lte Firmware	<= 1.2
Moxa	Uc-3420A-T-Lte	-
Moxa	Uc-3430A-T-Lte-Wifi Firmware	<= 1.2
Moxa	Uc-3430A-T-Lte-Wifi	-
Moxa	Uc-4450A-T-5G Firmware	<= 1.3
Moxa	Uc-4450A-T-5G	-

Related Weaknesses (CWE)

CWE-319

References

https://www.moxa.com/en/support/product-support/security-advisory/mpsa-255121-cvVendor Advisory

FAQ

What is CVE-2026-0714?

CVE-2026-0714 is a vulnerability with a CVSS score of 6.8 (MEDIUM). A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an...

How severe is CVE-2026-0714?

CVE-2026-0714 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-0714?

Check the references section above for vendor advisories and patch information. Affected products include: Moxa Uc-1222A Firmware, Moxa Uc-1222A, Moxa Uc-2222A-T-Us Firmware, Moxa Uc-2222A-T-Us, Moxa Uc-2222A-T Firmware.