OTPulse
FeedAboutContact

Moxa UC Series

Monitor7.6ICS-CERT ICSA-22-333-04Nov 29, 2022
Attack VectorPhysical
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

Moxa UC Series industrial computers contain a vulnerability (CWE-1263) affecting multiple product lines. The vulnerability is not remotely exploitable and requires physical access to the device. Moxa has developed updates for all affected products and encourages users to contact Moxa Technical Support to obtain patches.

What this means
What could happen
An attacker with physical access to a UC Series computer could potentially execute code with elevated privileges, affecting any control or monitoring functions running on the device. This could disrupt operations or allow unauthorized modification of process parameters if the computer controls critical functions.
Who's at risk
Water authorities and utilities using Moxa UC Series industrial computers for supervisory control, data logging, or network connectivity should be concerned. This affects UC-8580, UC-2100-W, UC-8540, UC-8410A, UC-8200, UC-8100A-ME-T, UC-8100, UC-5100, UC-3100, and UC-2100 series computers used in control cabinets, remote monitoring stations, and gateway applications.
How it could be exploited
An attacker must have physical access to the device. They could exploit the vulnerability to gain code execution with high privileges, potentially allowing them to modify firmware, configuration, or running processes on the industrial computer.
Prerequisites
  • Physical access to the UC Series device
  • No authentication or credentials required
no authentication requiredaffects OT device (industrial computer)no patch currently available publicly
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (10)
10 with fix
ProductAffected VersionsFix Status
UC Series - UC-8540 Series: V1.0 to V1.2≥ 1.0 | ≤ 1.2Fix available
UC Series - UC-8410A Series: V2.22.2Fix available
UC Series - UC-8200 Series: V1.0 to V2.4≥ 1.0 | ≥ 2.4Fix available
UC Series - UC-8100 Series: V1.2 to V1.3≥ 1.2 | ≤ 1.3Fix available
UC Series - UC-5100 Series: V1.21.2Fix available
UC Series - UC-3100 Series: V1.2 to V2.0≥ 1.2 | ≤ 2.0Fix available
UC Series - UC-2100 Series: V1.3 to V1.5≥ 1.3 | ≤ 1.5Fix available
UC Series - UC-8580 Series: V1.11.1Fix available
Remediation & Mitigation
0/4
Do now
0/2
HARDENINGImplement physical access controls to UC Series computers, such as locked enclosures or restricted room access, to prevent unauthorized tampering
HARDENINGInventory all UC Series devices in your environment and document their versions to identify which units are affected
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXContact Moxa Technical Support (login required) to obtain and deploy the firmware update for your specific UC Series model and version
Long-term hardening
0/1
HARDENINGReview monitoring and logging on UC Series devices to detect any signs of unauthorized physical access or unusual activity
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/c14e83c3-81c3-4345-bb0b-2d8f2a4f6536
Moxa UC Series | CVSS 7.6 - OTPulse