CVE-2022-3088

CVSS V2 None CVSS V3 None

Description

UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v 1.12, UC-3100 System Image: Versions v1.0 to v1.6, UC-5100 System Image: Versions v1.0 to v1.4, UC-8100 System Image: Versions v3.0 to v3.5, UC-8100-ME-T System Image: Versions v3.0 and v3.1, UC-8200 System Image: v1.0 to v1.5, AIG-300 System Image: v1.0 to v1.4, UC-8410A with Debian 9 System Image: Versions v4.0.2 and v4.1.2, UC-8580 with Debian 9 System Image: Versions v2.0 and v2.1, UC-8540 with Debian 9 System Image: Versions v2.0 and v2.1, and DA-662C-16-LX (GLB) System Image: Versions v1.0.2 to v1.1.2 of Moxa's ARM-based computers have an execution with unnecessary privileges vulnerability, which could allow an attacker with user-level privileges to gain root privileges.

Overview

CVE ID
CVE-2022-3088

Assigner
ics-cert@hq.dhs.gov

Vulnerability Status
Modified

Published Version
2022-11-28T22:15:10

Last Modified Date
2022-12-07T20:15:11

Weakness Enumerations

CWE	URL
CWE-250	http://cwe.mitre.org/data/definitions/250.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version Start	Version End
		AND
cpe:2.3:o:moxa:uc-2101-lx_firmware::::::::	1	OR	1.0	1.12
cpe:2.3:h:moxa:uc-2101-lx:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-2102-lx_firmware::::::::	1	OR	1.0	1.2
cpe:2.3:h:moxa:uc-2102-lx:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-2104-lx_firmware::::::::	1	OR	1.0	1.2
cpe:2.3:h:moxa:uc-2104-lx:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-2111-lx_firmware::::::::	1	OR	1.0	1.2
cpe:2.3:h:moxa:uc-2111-lx:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-2112-lx_firmware::::::::	1	OR	1.0	1.2
cpe:2.3:h:moxa:uc-2112-lx:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-2102-t-lx_firmware::::::::	1	OR	1.0	1.2
cpe:2.3:h:moxa:uc-2102-t-lx:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-2114-t-lx_firmware::::::::	1	OR	1.0	1.2
cpe:2.3:h:moxa:uc-2114-t-lx:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-2116-t-lx_firmware::::::::	1	OR	1.0	1.2
cpe:2.3:h:moxa:uc-2116-t-lx:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-3101-t-us-lx_firmware::::::::	1	OR	1.0	1.6
cpe:2.3:h:moxa:uc-3101-t-us-lx:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-3101-t-eu-lx_firmware::::::::	1	OR	1.0	1.6
cpe:2.3:h:moxa:uc-3101-t-eu-lx:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-3111-t-us-lx_firmware::::::::	1	OR	1.0	1.6
cpe:2.3:h:moxa:uc-3111-t-us-lx:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-3111-t-eu-lx_firmware::::::::	1	OR	1.0	1.6
cpe:2.3:h:moxa:uc-3111-t-eu-lx:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-3121-t-us-lx_firmware::::::::	1	OR	1.0	1.6
cpe:2.3:h:moxa:uc-3121-t-us-lx:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-3121-t-eu-lx_firmware::::::::	1	OR	1.0	1.6
cpe:2.3:h:moxa:uc-3121-t-eu-lx:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-3101-t-ap-lx_firmware::::::::	1	OR	1.0	1.6
cpe:2.3:h:moxa:uc-3101-t-ap-lx:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-3111-t-ap-lx_firmware::::::::	1	OR	1.0	1.6
cpe:2.3:h:moxa:uc-3111-t-ap-lx:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-3121-t-ap-lx_firmware::::::::	1	OR	1.0	1.6
cpe:2.3:h:moxa:uc-3121-t-ap-lx:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-3111-t-eu-lx-nw_firmware::::::::	1	OR	1.0	1.6
cpe:2.3:h:moxa:uc-3111-t-eu-lx-nw:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-3111-t-ap-lx-nw_firmware::::::::	1	OR	1.0	1.6
cpe:2.3:h:moxa:uc-3111-t-ap-lx-nw:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-3111-t-us-lx-nw_firmware::::::::	1	OR	1.0	1.6
cpe:2.3:h:moxa:uc-3111-t-us-lx-nw:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-5101-lx_firmware::::::::	1	OR	1.0	1.4
cpe:2.3:h:moxa:uc-5101-lx:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-5101-t-lx_firmware::::::::	1	OR	1.0	1.4
cpe:2.3:h:moxa:uc-5101-t-lx:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-5102-lx_firmware::::::::	1	OR	1.0	1.4
cpe:2.3:h:moxa:uc-5102-lx:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-5102-t-lx_firmware::::::::	1	OR	1.0	1.4
cpe:2.3:h:moxa:uc-5102-t-lx:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-5111-lx_firmware::::::::	1	OR	1.0	1.4
cpe:2.3:h:moxa:uc-5111-lx:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-5111-t-lx_firmware::::::::	1	OR	1.0	1.4
cpe:2.3:h:moxa:uc-5111-t-lx:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-5112-lx_firmware::::::::	1	OR	1.0	1.4
cpe:2.3:h:moxa:uc-5112-lx:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-5112-t-lx_firmware::::::::	1	OR	1.0	1.4
cpe:2.3:h:moxa:uc-5112-t-lx:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-8131-lx_firmware::::::::	1	OR	3.0	3.5
cpe:2.3:h:moxa:uc-8131-lx:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-8132-lx_firmware::::::::	1	OR	3.0	3.5
cpe:2.3:h:moxa:uc-8132-lx:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-8162-lx_firmware::::::::	1	OR	3.0	3.5
cpe:2.3:h:moxa:uc-8162-lx:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-8112-lx_firmware::::::::	1	OR	3.0	3.5
cpe:2.3:h:moxa:uc-8112-lx:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-8112-me-t-lx1_firmware:3.0:::::::*	1	OR
cpe:2.3:o:moxa:uc-8112-me-t-lx1_firmware:3.1:::::::*	1	OR
cpe:2.3:h:moxa:uc-8112-me-t-lx1:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-8112-me-t-lx_firmware:3.0:::::::*	1	OR
cpe:2.3:o:moxa:uc-8112-me-t-lx_firmware:3.1:::::::*	1	OR
cpe:2.3:h:moxa:uc-8112-me-t-lx:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-8112a-me-t-lx_firmware::::::::	1	OR	1.0	1.6
cpe:2.3:h:moxa:uc-8112a-me-t-lx:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-8220-t-lx-s_firmware::::::::	1	OR	1.0	1.5
cpe:2.3:h:moxa:uc-8220-t-lx-s:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-8220-t-lx_firmware::::::::	1	OR	1.0	1.5
cpe:2.3:h:moxa:uc-8220-t-lx:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-8220-t-lx-us-s_firmware::::::::	1	OR	1.0	1.5
cpe:2.3:h:moxa:uc-8220-t-lx-us-s:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-8220-t-lx-eu-s_firmware::::::::	1	OR	1.0	1.5
cpe:2.3:h:moxa:uc-8220-t-lx-eu-s:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-8220-t-lx-ap-s_firmware::::::::	1	OR	1.0	1.5
cpe:2.3:h:moxa:uc-8220-t-lx-ap-s:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:aig-301-t-us-azu-lx_firmware::::::::	1	OR	1.0	1.4
cpe:2.3:h:moxa:aig-301-t-us-azu-lx:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:aig-301-t-eu-azu-lx_firmware::::::::	1	OR	1.0	1.4
cpe:2.3:h:moxa:aig-301-t-eu-azu-lx:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:aig-301-t-ap-azu-lx_firmware::::::::	1	OR	1.0	1.4
cpe:2.3:h:moxa:aig-301-t-ap-azu-lx:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:aig-301-t-cn-azu-lx_firmware::::::::	1	OR	1.0	1.4
cpe:2.3:h:moxa:aig-301-t-cn-azu-lx:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:aig-301-t-azu-lx_firmware::::::::	1	OR	1.0	1.4
cpe:2.3:h:moxa:aig-301-t-azu-lx:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:aig-301-azu-lx_firmware::::::::	1	OR	1.0	1.4
cpe:2.3:h:moxa:aig-301-azu-lx:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:aig-301-us-azu-lx_firmware::::::::	1	OR	1.0	1.4
cpe:2.3:h:moxa:aig-301-us-azu-lx:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:aig-301-eu-azu-lx_firmware::::::::	1	OR	1.0	1.4
cpe:2.3:h:moxa:aig-301-eu-azu-lx:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:aig-301-ap-azu-lx_firmware::::::::	1	OR	1.0	1.4
cpe:2.3:h:moxa:aig-301-ap-azu-lx:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:aig-301-cn-azu-lx_firmware::::::::	1	OR	1.0	1.4
cpe:2.3:h:moxa:aig-301-cn-azu-lx:-:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-8410a-lx_firmware::::::::	1	OR	4.0.2	4.1.2
cpe:2.3:h:moxa:uc-8410a-lx:-:::::::*	0	OR
cpe:2.3:o:debian:debian_linux:9.0:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-8410a-t-lx_firmware::::::::	1	OR	4.0.2	4.1.2
cpe:2.3:h:moxa:uc-8410a-t-lx:-:::::::*	0	OR
cpe:2.3:o:debian:debian_linux:9.0:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-8410a-nw-lx_firmware::::::::	1	OR	4.0.2	4.1.2
cpe:2.3:h:moxa:uc-8410a-nw-lx:-:::::::*	0	OR
cpe:2.3:o:debian:debian_linux:9.0:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-8410a-nw-t-lx_firmware::::::::	1	OR	4.0.2	4.1.2
cpe:2.3:h:moxa:uc-8410a-nw-t-lx:-:::::::*	0	OR
cpe:2.3:o:debian:debian_linux:9.0:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-8580-lx_firmware:2.0:::::::*	1	OR
cpe:2.3:o:moxa:uc-8580-lx_firmware:2.1:::::::*	1	OR
cpe:2.3:h:moxa:uc-8580-lx:-:::::::*	0	OR
cpe:2.3:o:debian:debian_linux:9.0:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-8580-t-lx_firmware:2.0:::::::*	1	OR
cpe:2.3:o:moxa:uc-8580-t-lx_firmware:2.1:::::::*	1	OR
cpe:2.3:h:moxa:uc-8580-t-lx:-:::::::*	0	OR
cpe:2.3:o:debian:debian_linux:9.0:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-8580-t-ct-lx_firmware:2.0:::::::*	1	OR
cpe:2.3:o:moxa:uc-8580-t-ct-lx_firmware:2.1:::::::*	1	OR
cpe:2.3:h:moxa:uc-8580-t-ct-lx:-:::::::*	0	OR
cpe:2.3:o:debian:debian_linux:9.0:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-8580-q-lx_firmware:2.0:::::::*	1	OR
cpe:2.3:o:moxa:uc-8580-q-lx_firmware:2.1:::::::*	1	OR
cpe:2.3:h:moxa:uc-8580-q-lx:-:::::::*	0	OR
cpe:2.3:o:debian:debian_linux:9.0:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-8580-t-q-lx_firmware:2.0:::::::*	1	OR
cpe:2.3:o:moxa:uc-8580-t-q-lx_firmware:2.1:::::::*	1	OR
cpe:2.3:h:moxa:uc-8580-t-q-lx:-:::::::*	0	OR
cpe:2.3:o:debian:debian_linux:9.0:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-8580-t-ct-q-lx_firmware:2.0:::::::*	1	OR
cpe:2.3:o:moxa:uc-8580-t-ct-q-lx_firmware:2.1:::::::*	1	OR
cpe:2.3:h:moxa:uc-8580-t-ct-q-lx:-:::::::*	0	OR
cpe:2.3:o:debian:debian_linux:9.0:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-8540-lx_firmware:2.0:::::::*	1	OR
cpe:2.3:o:moxa:uc-8540-lx_firmware:2.1:::::::*	1	OR
cpe:2.3:h:moxa:uc-8540-lx:-:::::::*	0	OR
cpe:2.3:o:debian:debian_linux:9.0:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-8540-t-lx_firmware:2.0:::::::*	1	OR
cpe:2.3:o:moxa:uc-8540-t-lx_firmware:2.1:::::::*	1	OR
cpe:2.3:h:moxa:uc-8540-t-lx:-:::::::*	0	OR
cpe:2.3:o:debian:debian_linux:9.0:::::::*	0	OR
		AND
cpe:2.3:o:moxa:uc-8540-t-ct-lx_firmware:2.0:::::::*	1	OR
cpe:2.3:o:moxa:uc-8540-t-ct-lx_firmware:2.1:::::::*	1	OR
cpe:2.3:h:moxa:uc-8540-t-ct-lx:-:::::::*	0	OR
cpe:2.3:o:debian:debian_linux:9.0:::::::*	0	OR
		AND
cpe:2.3:o:moxa:da-662c-16-lx_firmware::::::::	1	OR	1.0.2	1.1.2
cpe:2.3:h:moxa:da-662c-16-lx:-:::::::*	0	OR

References

Reference URL	Reference Tags
https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-05	Third Party Advisory US Government Resource

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2022-3088
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3088

History

Created	Old Value	New Value	Data Type	Notes
2022-12-07 18:05:22				Added to TrackCVE
2022-12-07 20:16:48	2022-11-28T22:15:10.783	2022-11-28T22:15:10	CVE Published Date	updated
2022-12-07 20:16:48		2022-12-07T20:15:11	CVE Modified Date	updated
2022-12-07 20:16:49	UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v 1.12, UC-3100 System Image: Versions v1.0 to v1.6, UC-5100 System Image: Versions v1.0 to v1.4, UC-8100 System Image: Versions v3.0 to v3.5, UC-8100-ME-T System Image: Versions v3.0 and v3.1 UC-8200 System Image: v1.0 to v1.5, AIG-300 System Image: v1.0 to v1.4, UC-8410A with Debian 9 System Image: Versions v4.0.2 and v4.1.2, UC-8580 with Debian 9 System Image: Versions v2.0 and v2.1, UC-8540 with Debian 9 System Image: Versions v2.0 and v2.1, and DA-662C-16-LX (GLB) System Image: Versions v1.0.2 to v1.1.2 of Moxa's ARM-based computers have an execution with unnecessary privileges vulnerability, which could allow an attacker with user-level privileges to gain root privileges.	UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v 1.12, UC-3100 System Image: Versions v1.0 to v1.6, UC-5100 System Image: Versions v1.0 to v1.4, UC-8100 System Image: Versions v3.0 to v3.5, UC-8100-ME-T System Image: Versions v3.0 and v3.1, UC-8200 System Image: v1.0 to v1.5, AIG-300 System Image: v1.0 to v1.4, UC-8410A with Debian 9 System Image: Versions v4.0.2 and v4.1.2, UC-8580 with Debian 9 System Image: Versions v2.0 and v2.1, UC-8540 with Debian 9 System Image: Versions v2.0 and v2.1, and DA-662C-16-LX (GLB) System Image: Versions v1.0.2 to v1.1.2 of Moxa's ARM-based computers have an execution with unnecessary privileges vulnerability, which could allow an attacker with user-level privileges to gain root privileges.	Description	updated
2022-12-08 06:39:20	Modified	Undergoing Analysis	Vulnerability Status	updated
2022-12-10 05:35:32	Undergoing Analysis	Modified	Vulnerability Status	updated