CVE-2022-3088

UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v 1.12, UC-3100 System Image: Versions v1.0 to v1.6, UC-5100 System Image: Versions v1.0 to v1.4, UC-8100 System Image: Versions v3.0 to v3.5, UC-8100-ME-T System Image: Versions v3.0 and v3.1, UC-8200 System Image: v1.0 to v1.5, AIG-300 System Image: v1.0 to v1.4, UC-8410A with Debian 9 System Image: Versions v4.0.2 and v4.1.2, UC-8580 with Debian 9 System Image: Versions v2.0 and v2.1, UC-8540 with Debian 9 System Image: Versions v2.0 and v2.1, and DA-662C-16-LX (GLB) System Image: Versions v1.0.2 to v1.1.2 of Moxa's ARM-based computers have an execution with unnecessary privileges vulnerability, which could allow an attacker with user-level privileges to gain root privileges.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-05	Third Party Advisory US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-05	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:moxa:uc-2101-lx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:uc-2101-lx:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:moxa:uc-2102-lx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:uc-2102-lx:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:moxa:uc-2104-lx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:uc-2104-lx:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:moxa:uc-2111-lx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:uc-2111-lx:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:moxa:uc-2112-lx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:uc-2112-lx:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:moxa:uc-2102-t-lx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:uc-2102-t-lx:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:moxa:uc-2114-t-lx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:uc-2114-t-lx:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:moxa:uc-2116-t-lx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:uc-2116-t-lx:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:moxa:uc-3101-t-us-lx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:uc-3101-t-us-lx:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:moxa:uc-3101-t-eu-lx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:uc-3101-t-eu-lx:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:moxa:uc-3111-t-us-lx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:uc-3111-t-us-lx:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:moxa:uc-3111-t-eu-lx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:uc-3111-t-eu-lx:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:moxa:uc-3121-t-us-lx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:uc-3121-t-us-lx:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:moxa:uc-3121-t-eu-lx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:uc-3121-t-eu-lx:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:moxa:uc-3101-t-ap-lx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:uc-3101-t-ap-lx:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:moxa:uc-3111-t-ap-lx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:uc-3111-t-ap-lx:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:moxa:uc-3121-t-ap-lx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:uc-3121-t-ap-lx:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:moxa:uc-3111-t-eu-lx-nw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:uc-3111-t-eu-lx-nw:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:moxa:uc-3111-t-ap-lx-nw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:uc-3111-t-ap-lx-nw:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:moxa:uc-3111-t-us-lx-nw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:uc-3111-t-us-lx-nw:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:moxa:uc-5101-lx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:uc-5101-lx:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:moxa:uc-5101-t-lx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:uc-5101-t-lx:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:moxa:uc-5102-lx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:uc-5102-lx:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:moxa:uc-5102-t-lx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:uc-5102-t-lx:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:moxa:uc-5111-lx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:uc-5111-lx:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:moxa:uc-5111-t-lx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:uc-5111-t-lx:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:moxa:uc-5112-lx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:uc-5112-lx:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:moxa:uc-5112-t-lx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:uc-5112-t-lx:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND

cpe:2.3:o:moxa:uc-8131-lx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:uc-8131-lx:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND

cpe:2.3:o:moxa:uc-8132-lx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:uc-8132-lx:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND

cpe:2.3:o:moxa:uc-8162-lx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:uc-8162-lx:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND

cpe:2.3:o:moxa:uc-8112-lx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:uc-8112-lx:-:*:*:*:*:*:*:*

Configuration 33 (hide)

AND

OR	cpe:2.3:o:moxa:uc-8112-me-t-lx1_firmware:3.0:::::::*
	cpe:2.3:o:moxa:uc-8112-me-t-lx1_firmware:3.1:::::::*

cpe:2.3:h:moxa:uc-8112-me-t-lx1:-:*:*:*:*:*:*:*

Configuration 34 (hide)

AND

OR	cpe:2.3:o:moxa:uc-8112-me-t-lx_firmware:3.0:::::::*
	cpe:2.3:o:moxa:uc-8112-me-t-lx_firmware:3.1:::::::*

cpe:2.3:h:moxa:uc-8112-me-t-lx:-:*:*:*:*:*:*:*

Configuration 35 (hide)

AND

cpe:2.3:o:moxa:uc-8112a-me-t-lx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:uc-8112a-me-t-lx:-:*:*:*:*:*:*:*

Configuration 36 (hide)

AND

cpe:2.3:o:moxa:uc-8220-t-lx-s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:uc-8220-t-lx-s:-:*:*:*:*:*:*:*

Configuration 37 (hide)

AND

cpe:2.3:o:moxa:uc-8220-t-lx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:uc-8220-t-lx:-:*:*:*:*:*:*:*

Configuration 38 (hide)

AND

cpe:2.3:o:moxa:uc-8220-t-lx-us-s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:uc-8220-t-lx-us-s:-:*:*:*:*:*:*:*

Configuration 39 (hide)

AND

cpe:2.3:o:moxa:uc-8220-t-lx-eu-s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:uc-8220-t-lx-eu-s:-:*:*:*:*:*:*:*

Configuration 40 (hide)

AND

cpe:2.3:o:moxa:uc-8220-t-lx-ap-s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:uc-8220-t-lx-ap-s:-:*:*:*:*:*:*:*

Configuration 41 (hide)

AND

cpe:2.3:o:moxa:aig-301-t-us-azu-lx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:aig-301-t-us-azu-lx:-:*:*:*:*:*:*:*

Configuration 42 (hide)

AND

cpe:2.3:o:moxa:aig-301-t-eu-azu-lx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:aig-301-t-eu-azu-lx:-:*:*:*:*:*:*:*

Configuration 43 (hide)

AND

cpe:2.3:o:moxa:aig-301-t-ap-azu-lx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:aig-301-t-ap-azu-lx:-:*:*:*:*:*:*:*

Configuration 44 (hide)

AND

cpe:2.3:o:moxa:aig-301-t-cn-azu-lx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:aig-301-t-cn-azu-lx:-:*:*:*:*:*:*:*

Configuration 45 (hide)

AND

cpe:2.3:o:moxa:aig-301-t-azu-lx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:aig-301-t-azu-lx:-:*:*:*:*:*:*:*

Configuration 46 (hide)

AND

cpe:2.3:o:moxa:aig-301-azu-lx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:aig-301-azu-lx:-:*:*:*:*:*:*:*

Configuration 47 (hide)

AND

cpe:2.3:o:moxa:aig-301-us-azu-lx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:aig-301-us-azu-lx:-:*:*:*:*:*:*:*

Configuration 48 (hide)

AND

cpe:2.3:o:moxa:aig-301-eu-azu-lx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:aig-301-eu-azu-lx:-:*:*:*:*:*:*:*

Configuration 49 (hide)

AND

cpe:2.3:o:moxa:aig-301-ap-azu-lx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:aig-301-ap-azu-lx:-:*:*:*:*:*:*:*

Configuration 50 (hide)

AND

cpe:2.3:o:moxa:aig-301-cn-azu-lx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:aig-301-cn-azu-lx:-:*:*:*:*:*:*:*

Configuration 51 (hide)

AND

cpe:2.3:o:moxa:uc-8410a-lx_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:moxa:uc-8410a-lx:-:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration 52 (hide)

AND

cpe:2.3:o:moxa:uc-8410a-t-lx_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:moxa:uc-8410a-t-lx:-:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration 53 (hide)

AND

cpe:2.3:o:moxa:uc-8410a-nw-lx_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:moxa:uc-8410a-nw-lx:-:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration 54 (hide)

AND

cpe:2.3:o:moxa:uc-8410a-nw-t-lx_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:moxa:uc-8410a-nw-t-lx:-:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration 55 (hide)

AND

OR	cpe:2.3:o:moxa:uc-8580-lx_firmware:2.0:::::::*
	cpe:2.3:o:moxa:uc-8580-lx_firmware:2.1:::::::*

OR	cpe:2.3:h:moxa:uc-8580-lx:-:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration 56 (hide)

AND

OR	cpe:2.3:o:moxa:uc-8580-t-lx_firmware:2.0:::::::*
	cpe:2.3:o:moxa:uc-8580-t-lx_firmware:2.1:::::::*

OR	cpe:2.3:h:moxa:uc-8580-t-lx:-:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration 57 (hide)

AND

OR	cpe:2.3:o:moxa:uc-8580-t-ct-lx_firmware:2.0:::::::*
	cpe:2.3:o:moxa:uc-8580-t-ct-lx_firmware:2.1:::::::*

OR	cpe:2.3:h:moxa:uc-8580-t-ct-lx:-:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration 58 (hide)

AND

OR	cpe:2.3:o:moxa:uc-8580-q-lx_firmware:2.0:::::::*
	cpe:2.3:o:moxa:uc-8580-q-lx_firmware:2.1:::::::*

OR	cpe:2.3:h:moxa:uc-8580-q-lx:-:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration 59 (hide)

AND

OR	cpe:2.3:o:moxa:uc-8580-t-q-lx_firmware:2.0:::::::*
	cpe:2.3:o:moxa:uc-8580-t-q-lx_firmware:2.1:::::::*

OR	cpe:2.3:h:moxa:uc-8580-t-q-lx:-:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration 60 (hide)

AND

OR	cpe:2.3:o:moxa:uc-8580-t-ct-q-lx_firmware:2.0:::::::*
	cpe:2.3:o:moxa:uc-8580-t-ct-q-lx_firmware:2.1:::::::*

OR	cpe:2.3:h:moxa:uc-8580-t-ct-q-lx:-:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration 61 (hide)

AND

OR	cpe:2.3:o:moxa:uc-8540-lx_firmware:2.0:::::::*
	cpe:2.3:o:moxa:uc-8540-lx_firmware:2.1:::::::*

OR	cpe:2.3:h:moxa:uc-8540-lx:-:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration 62 (hide)

AND

OR	cpe:2.3:o:moxa:uc-8540-t-lx_firmware:2.0:::::::*
	cpe:2.3:o:moxa:uc-8540-t-lx_firmware:2.1:::::::*

OR	cpe:2.3:h:moxa:uc-8540-t-lx:-:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration 63 (hide)

AND

OR	cpe:2.3:o:moxa:uc-8540-t-ct-lx_firmware:2.0:::::::*
	cpe:2.3:o:moxa:uc-8540-t-ct-lx_firmware:2.1:::::::*

OR	cpe:2.3:h:moxa:uc-8540-t-ct-lx:-:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration 64 (hide)

AND

cpe:2.3:o:moxa:da-662c-16-lx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:da-662c-16-lx:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:18

Type	Values Removed	Values Added
References	~~() https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-05 - Third Party Advisory, US Government Resource~~	() https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-05 - Third Party Advisory, US Government Resource

Information

Published : 2022-11-28 22:15

Updated : 2024-11-21 07:18

NVD link : CVE-2022-3088

Mitre link : CVE-2022-3088

CVE.ORG link : CVE-2022-3088

JSON object : View

Products Affected

moxa

uc-3121-t-ap-lx
aig-301-t-eu-azu-lx
uc-3111-t-eu-lx-nw_firmware
uc-8410a-t-lx_firmware
uc-3121-t-us-lx_firmware
uc-5111-t-lx_firmware
uc-3111-t-ap-lx-nw_firmware
uc-3121-t-ap-lx_firmware
uc-8580-lx
uc-8220-t-lx
uc-3111-t-us-lx
uc-5112-t-lx_firmware
uc-3101-t-us-lx
uc-5102-t-lx_firmware
uc-2102-t-lx
aig-301-ap-azu-lx
aig-301-azu-lx_firmware
uc-8410a-t-lx
uc-8131-lx_firmware
uc-8131-lx
uc-5112-lx
uc-3121-t-eu-lx_firmware
uc-5102-lx
uc-8220-t-lx-us-s
uc-5102-t-lx
uc-8540-t-lx_firmware
uc-5112-t-lx
uc-3111-t-eu-lx
uc-8132-lx
uc-8162-lx
uc-8220-t-lx-ap-s
uc-8220-t-lx-eu-s_firmware
uc-8112-me-t-lx_firmware
uc-8220-t-lx_firmware
uc-2112-lx_firmware
uc-8220-t-lx-s_firmware
uc-8220-t-lx-eu-s
aig-301-t-cn-azu-lx
uc-8540-t-lx
uc-8580-q-lx
uc-3101-t-eu-lx
uc-3111-t-us-lx-nw
uc-3111-t-ap-lx-nw
uc-3111-t-us-lx_firmware
uc-8410a-lx
uc-2102-lx_firmware
aig-301-t-ap-azu-lx
aig-301-eu-azu-lx
uc-5111-lx
aig-301-cn-azu-lx_firmware
uc-8220-t-lx-us-s_firmware
uc-5111-t-lx
uc-8580-t-lx
uc-8112-lx_firmware
uc-8580-t-ct-q-lx
uc-8410a-nw-t-lx_firmware
aig-301-t-us-azu-lx_firmware
uc-2114-t-lx
aig-301-ap-azu-lx_firmware
uc-8132-lx_firmware
uc-8580-t-ct-lx
uc-8580-t-ct-q-lx_firmware
uc-2104-lx_firmware
uc-8220-t-lx-ap-s_firmware
aig-301-us-azu-lx_firmware
uc-8112-me-t-lx
uc-8112a-me-t-lx
uc-2101-lx_firmware
uc-8220-t-lx-s
uc-8410a-lx_firmware
uc-8112a-me-t-lx_firmware
aig-301-t-azu-lx
uc-2111-lx_firmware
uc-8112-me-t-lx1
uc-2116-t-lx
uc-8540-lx_firmware
aig-301-t-cn-azu-lx_firmware
uc-8410a-nw-t-lx
aig-301-t-ap-azu-lx_firmware
uc-2111-lx
uc-2101-lx
uc-8410a-nw-lx
aig-301-azu-lx
uc-8112-me-t-lx1_firmware
uc-8580-t-ct-lx_firmware
uc-3101-t-ap-lx
uc-8580-t-q-lx_firmware
uc-5111-lx_firmware
uc-2104-lx
uc-2112-lx
uc-3101-t-ap-lx_firmware
uc-8112-lx
aig-301-t-us-azu-lx
uc-2102-lx
uc-8580-t-q-lx
uc-3121-t-us-lx
uc-2114-t-lx_firmware
uc-2102-t-lx_firmware
uc-3111-t-ap-lx_firmware
uc-5101-t-lx
uc-3121-t-eu-lx
uc-8410a-nw-lx_firmware
uc-3111-t-eu-lx_firmware
uc-8580-lx_firmware
uc-2116-t-lx_firmware
uc-5102-lx_firmware
aig-301-eu-azu-lx_firmware
aig-301-us-azu-lx
uc-5101-lx
uc-3101-t-us-lx_firmware
uc-3111-t-ap-lx
uc-3111-t-us-lx-nw_firmware
aig-301-t-azu-lx_firmware
uc-3111-t-eu-lx-nw
uc-8162-lx_firmware
da-662c-16-lx_firmware
uc-5101-lx_firmware
uc-5101-t-lx_firmware
aig-301-t-eu-azu-lx_firmware
aig-301-cn-azu-lx
da-662c-16-lx
uc-8580-q-lx_firmware
uc-8540-t-ct-lx
uc-8540-t-ct-lx_firmware
uc-8580-t-lx_firmware
uc-3101-t-eu-lx_firmware
uc-5112-lx_firmware
uc-8540-lx

debian

debian_linux

CWE

CWE-250

Execution with Unnecessary Privileges

CWE-269

Improper Privilege Management

7.8 /10