As of June 15, 2022, this site no longer supports Internet Explorer. Please use another browser for the best experience on our site.
Sign In
Home Support Security Advisories CVE-2026-0714, CVE-2026-0715: Multiple Vulnerabilities in Industrial Computers

Product support

Security Advisories

Please sign in

Forgot your password?
Sign In
Remember Me.
Not a member? Sign up now
SUMMARY

CVE-2026-0714, CVE-2026-0715: Multiple Vulnerabilities in Industrial Computers

This security advisory addresses two vulnerabilities identified in Industrial Computers.

CVE-2026-0714

A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and attaching external equipment to the SPI bus to capture TPM communications. If successful, the captured data may allow offline decryption of eMMC contents. This attack cannot be performed through brief or opportunistic physical access and requires extended physical access, possession of the device, appropriate equipment, and sufficient time for signal capture and analysis. Remote exploitation is not possible.

 

CVE-2026-0715

Moxa Arm-based industrial computers running Moxa Industrial Linux Secure use a device-unique bootloader password provided on the device. An attacker with physical access to the device could use this information to access the bootloader menu via a serial interface.  Access to the bootloader menu does not allow full system takeover or privilege escalation. The bootloader enforces digital signature verification and only permits flashing of Moxa-signed images. As a result, an attacker cannot install malicious firmware or execute arbitrary code. The primary impact is limited to a potential temporary denial-of-service condition if a valid image is reflashed. Remote exploitation is not possible.

Given the high severity of these issues, users should apply the solutions immediately to reduce security risks.

 

The Identified Vulnerability Type and Potential Impact 

CVE ID Vulnerability Type Impact

CVE-2026-0714

CWE-319: Cleartext Transmission of Sensitive Information

CAPEC-401: Physically Hacking Hardware

CVE-2026-0715

CWE-522: Insufficiently Protected Credentials

CAPEC-102: Session Sidejacking

Vulnerability Scoring Details 

CVE ID
Base Score
Vector
 Severity

Unauthenticated

Remote Exploits
CVE-2026-0714

CVSS 4.0: 7.0

AV:P/AC:L/AT:N/PR:N/UI:N/

VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

 High No
CVE-2026-0715

CVSS 4.0: 7.0

AV:P/AC:L/AT:N/PR:N/UI:N/

VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

 High No
AFFECTED PRODUCTS AND SOLUTIONS

Solutions

Moxa has developed appropriate solutions to address the vulnerability. The solutions for the affected products are listed in the following table: 

Product Series Affected Versions Solutions

UC Series

  • UC-1200A Series
  • UC-2200A Series
  • UC-3400A Series
  • UC-4400A Series
  • UC-8200 Series

OS image (MIL v3.4.1)

  • v1.4 and earlier 
  • v1.4 and earlier 
  • v1.2 and earlier 
  • v1.3 and earlier 
  • v1.5 and earlier 

CVE-2026-0714

  • Please refer to Update Instructions as the primary remediation step
  • For additional support, please contact Moxa Technical Support for the security patch 
    (Kernel Version: 5.10.234-cip57-rt25-moxa9-1+deb11u2) 

CVE-2026-0715

  • Please refer to Mitigations

V Series

  • V1200 Series

OS image (MIL3)

  • v1.2.0 and earlier 

CVE-2026-0714

  • Please refer to Update Instructions as the primary remediation step
  • For additional support, please contact Moxa Technical Support for the security patch 
    (Kernel Version: 5.10.234-cip57-rt25-moxa9-1+deb11u2) 

CVE-2026-0715

  • Please refer to Mitigations

V2406C Series

  • V2406C WL Models

OS image (MIL2)

  • v1.2 and earlier

CVE-2026-0714

  • Please refer to Mitigations

 

Update Instructions

Run the command corresponding to your product series to update security patches.

Product Series Command

UC-1200A Series

$ sudo apt update && sudo apt install linux-image-5.10.0-cip-rt-moxa-am64x=5.10.234-cip57-rt25-moxa9-1+deb11u2
UC-2200A Series $ sudo apt update && sudo apt install linux-image-5.10.0-cip-rt-moxa-am64x=5.10.234-cip57-rt25-moxa9-1+deb11u2
UC-3400A Series $ sudo apt update && sudo apt install linux-image-5.10.0-cip-rt-moxa-am62x=5.10.234-cip57-rt25-moxa9-1+deb11u2
UC-4400A Series $ sudo apt update && sudo apt install linux-image-5.10.0-cip-rt-moxa-imx8mp=5.10.234-cip57-rt25-moxa9-1+deb11u2
UC-8200 Series $ sudo apt update && sudo apt install linux-image-5.10.0-cip-rt-moxa-imx7d=5.10.234-cip57-rt25-moxa9-1+deb11u2
V1200 Series $ sudo apt update && sudo apt install linux-image-5.10.0-cip-rt-moxa-imx8mp=5.10.234-cip57-rt25-moxa9-1+deb11u2

After updating the security patches, the system must be rebooted. After the system has rebooted, perform a version check to ensure the update was successful.

Product Series Command Note

All Series

$ sudo reboot

 Reboot System
All Series $ dpkg-query -W linux-image-5.10.0-cip-rt-moxa* Check Version

 

Mitigations

For users where physical access control cannot be guaranteed, and who may not be able to perform the update, we provide the following recommended mitigation measures as an alternative to mitigate the risk associated with the vulnerability.

  • For the UC Series and V Series, users are suggested to "Change the bootloader default password". Please refer to Moxa Industrial Linux 3.x (Debian 11) Arm-based Computers Manual (with Security Hardening Guide) v3.1 (page 123) or later versions for more information. 
  • For the V2406C WL Models, operate the device within a controlled physical access environment to mitigate risks associated with unauthorized physical access.
  • Refer to the General Security Recommendations section to further strengthen your security context.

 

General Security Recommendations

To safeguard devices and networks, we recommend implementing the following recommendations to mitigate potential risks:

  1. Restrict Network Access
    • Use firewalls or access control lists (ACLs) to limit communication to trusted IP addresses and networks.
    • Segregate operational networks from other networks (e.g., enterprise networks) using VLANs or physical separation.
  2. Minimize Exposure
    • Avoid exposing devices directly to the Internet.
    • Disable unused network services and ports to reduce the attack surface.
  3. Enhance Device Authentication and Access Control
    • Implement multi-factor authentication (MFA) for accessing critical systems.
    • Use role-based access control (RBAC) to enforce the principle of least privilege.
  4. Regularly Update Firmware and Software
    • Keep devices updated with the latest firmware versions and security patches.
    • Establish a regular patch management schedule to address newly identified vulnerabilities.
  5. Secure Remote Access
    • Use encrypted communication protocols (e.g., VPN, SSH) for remote access.
    • Restrict remote access to authorized personnel only and enforce strong authentication mechanisms.
  6. Implement Anomaly Detection Techniques
    • Monitor network traffic and device behavior for unusual or unauthorized activities.
    • Use tools or techniques that can identify anomalies and provide alerts for potential threats.
  7. Implement Logging and Monitoring
    • Enable event logging and maintain audit trails on devices.
    • Regularly review logs for anomalies and unauthorized access attempts.
  8. Conduct Regular Security Assessments
    • Perform vulnerability assessments to identify potential risks.
    • Regularly review device configurations to ensure compliance with security policies.

 

Acknowledgement

We would like to express our gratitude to Cyloq for reporting the vulnerability, collaborating with us to enhance the security of our products, and contributing to our efforts to deliver better service to our customers.

 

Revision History:

VERSION DESCRIPTION RELEASE DATE
1.0 First release February 6, 2026

Relevant Products

UC-1200A Series · UC-2200A Series · UC-3400A Series · UC-4400A Series · UC-8200 Series · V1200 Series · V2406C Series ·

  •   Print this page

  • Save
    You can manage and share your saved list in My Moxa
Related Advisories
Let’s get that fixed

If you are concerned about a potential cybersecurity vulnerability, please contact us and one of technical support staff will get in touch with you.

Report a Vulnerability
 
 
Added To Bag

View Bag
You have some items waiting in your bag; click here to finish your quote!

You are currently on the Global / English site.
Would you like to go to the site for your region?

Feedback