CVE-2026-0715 — MEDIUM (6.8)

Q: How severe is CVE-2026-0715?

CVE-2026-0715 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-0715?

Check the references section above for vendor advisories and patch information. Affected products include: Moxa Uc-1222A Firmware, Moxa Uc-1222A, Moxa Uc-2222A-T-Us Firmware, Moxa Uc-2222A-T-Us, Moxa Uc-2222A-T Firmware.

Vulnerability Description

Moxa Arm-based industrial computers running Moxa Industrial Linux Secure use a device-unique bootloader password provided on the device. An attacker with physical access to the device could use this information to access the bootloader menu via a serial interface. Access to the bootloader menu does not allow full system takeover or privilege escalation. The bootloader enforces digital signature verification and only permits flashing of Moxa-signed images. As a result, an attacker cannot install malicious firmware or execute arbitrary code. The primary impact is limited to a potential temporary denial-of-service condition if a valid image is reflashed. Remote exploitation is not possible.

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Moxa	Uc-1222A Firmware	<= 1.4
Moxa	Uc-1222A	-
Moxa	Uc-2222A-T-Us Firmware	<= 1.4
Moxa	Uc-2222A-T-Us	-
Moxa	Uc-2222A-T Firmware	<= 1.4
Moxa	Uc-2222A-T	-
Moxa	Uc-2222A-T-Ap Firmware	<= 1.4
Moxa	Uc-2222A-T-Ap	-
Moxa	Uc-2222A-T-Eu Firmware	<= 1.4
Moxa	Uc-2222A-T-Eu	-
Moxa	Uc-3434A-T-Lte-Wifi Firmware	<= 1.2
Moxa	Uc-3434A-T-Lte-Wifi	-
Moxa	Uc-3424A-T-Lte Firmware	<= 1.2
Moxa	Uc-3424A-T-Lte	-
Moxa	Uc-3420A-T-Lte Firmware	<= 1.2
Moxa	Uc-3420A-T-Lte	-
Moxa	Uc-3430A-T-Lte-Wifi Firmware	<= 1.2
Moxa	Uc-3430A-T-Lte-Wifi	-
Moxa	Uc-4450A-T-5G Firmware	<= 1.3
Moxa	Uc-4450A-T-5G	-

Related Weaknesses (CWE)

CWE-522

References

https://www.moxa.com/en/support/product-support/security-advisory/mpsa-255121-cvVendor Advisory

FAQ

What is CVE-2026-0715?

CVE-2026-0715 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Moxa Arm-based industrial computers running Moxa Industrial Linux Secure use a device-unique bootloader password provided on the device. An attacker with physical access to the device could use this i...

How severe is CVE-2026-0715?

CVE-2026-0715 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-0715?

Check the references section above for vendor advisories and patch information. Affected products include: Moxa Uc-1222A Firmware, Moxa Uc-1222A, Moxa Uc-2222A-T-Us Firmware, Moxa Uc-2222A-T-Us, Moxa Uc-2222A-T Firmware.