CVSS: 7.6EPSS: 0%CPEs: 109EXPL: 0CVE-2023-1257 – CVE-2023-1257
https://notcve.org/view.php?id=CVE-2023-1257
An attacker with physical access to the affected Moxa UC Series devices can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the device’s authentication files to create a new user and gain full access to the system. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-04 •
CVSS: 7.6EPSS: 0%CPEs: 107EXPL: 0CVE-2022-3086 – Cradlepoint IBR600 Command Injection
https://notcve.org/view.php?id=CVE-2022-3086
Cradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior are vulnerable to shell escape, which enables local attackers with non-superuser credentials to gain full, unrestrictive shell access which may allow an attacker to execute arbitrary code. Cradlepoint IBR600 NCOS versiones 6.5.0.160bc2e y anteriores son vulnerables al escape del shell, lo que permite a atacantes locales con credenciales que no sean de superusuario obtener acceso completo y sin restricciones al shell, lo que puede permitir a un atacante ejecutar código arbitrario. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-321-02 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 152EXPL: 0CVE-2022-3088
https://notcve.org/view.php?id=CVE-2022-3088
UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v 1.12, UC-3100 System Image: Versions v1.0 to v1.6, UC-5100 System Image: Versions v1.0 to v1.4, UC-8100 System Image: Versions v3.0 to v3.5, UC-8100-ME-T System Image: Versions v3.0 and v3.1, UC-8200 System Image: v1.0 to v1.5, AIG-300 System Image: v1.0 to v1.4, UC-8410A with Debian 9 System Image: Versions v4.0.2 and v4.1.2, UC-8580 with Debian 9 System Image: Versions v2.0 and v2.1, UC-8540 with Debian 9 System Image: Versions v2.0 and v2.1, and DA-662C-16-LX (GLB) System Image: Versions v1.0.2 to v1.1.2 of Moxa's ARM-based computers have an execution with unnecessary privileges vulnerability, which could allow an attacker with user-level privileges to gain root privileges. System Image UC-8100A-ME-T: Versiones v1.0 a v1.6, System Image UC-2100: Versiones v1.0 a v1.12, System Image UC-2100-W: Versiones v1.0 a v 1.12, System Image UC-3100: versiones v1.0 a v1.6, System Image UC-5100: versiones v1.0 a v1.4, System Image UC-8100: versiones v3.0 a v3.5, System Image UC-8100-ME-T: Versiones v3.0 y v3.1, System Image UC-8200: v1.0 a v1.5, System Image AIG-300: v1.0 a v1.4, System Image UC-8410A con Debian 9: Versiones v4.0.2 y v4.1.2, System Image UC-8580 con Debian 9: Versiones v2.0 y v2.1, System Image UC-8540 con Debian 9: Versiones v2.0 y v2.1, y System Image DA -662C-16-LX (GLB): Las versiones v1.0.2 a v1.1.2 Las máquinas basadas en ARM de Moxa tienen una vulnerabilidad de ejecución con privilegios innecesarios, lo que podría permitir que un atacante con privilegios de nivel de usuario obtenga privilegios de root. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-05 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •