CVE-2026-0714

MEDIUM

Moxa Industrial Linux 3 - Physical Attack

Title source: llm

Description

A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and attaching external equipment to the SPI bus to capture TPM communications. If successful, the captured data may allow offline decryption of eMMC contents. This attack cannot be performed through brief or opportunistic physical access and requires extended physical access, possession of the device, appropriate equipment, and sufficient time for signal capture and analysis. Remote exploitation is not possible.

References (1)

[Various Sources] https://www.moxa.com/en/support/product-support/security-advisory/mpsa-255121-cve-2026-0714-cve-2026-0715-multiple-vulnerabilities-in-industrial-computers

Scores

CVSS v3 6.8

EPSS 0.0001

EPSS Percentile 0.5%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-319

Status published

Products (35)

moxa/uc-1222a_firmware < 1.4

moxa/uc-2222a-t-ap_firmware < 1.4

moxa/uc-2222a-t-eu_firmware < 1.4

moxa/uc-2222a-t-us_firmware < 1.4

moxa/uc-2222a-t_firmware < 1.4

moxa/uc-3420a-t-lte_firmware < 1.2

moxa/uc-3424a-t-lte_firmware < 1.2

moxa/uc-3430a-t-lte-wifi_firmware < 1.2

moxa/uc-3434a-t-lte-wifi_firmware < 1.2

moxa/uc-4410a-t_firmware < 1.3

... and 25 more

Published Feb 05, 2026

Tracked Since Feb 18, 2026