阿里云漏洞库

漏洞描述

MOXA UC Series是中国摩莎（MOXA）公司的一系列计算机。

Moxa UC存在安全漏洞，该漏洞源于具有物理访问权限的攻击者可以启动设备重启并获得对其BIOS的访问权限，然后可以更改命令行选项，攻击者利用该漏洞可以修改设备的身份验证文件以创建新用户并获得对系统的完全访问权限。

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-04

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	系统	moxa	uc-2101-lx_firmware	*	From (including) 1.3	Up to (including) 1.5
	运行在以下环境
	系统	moxa	uc-2102-lx_firmware	*	From (including) 1.3	Up to (including) 1.5
	运行在以下环境
	系统	moxa	uc-2102-t-lx_firmware	*	From (including) 1.3	Up to (including) 1.5
	运行在以下环境
	系统	moxa	uc-2104-lx_firmware	*	From (including) 1.3	Up to (including) 1.5
	运行在以下环境
	系统	moxa	uc-2111-lx_firmware	*	From (including) 1.3	Up to (including) 1.5
	运行在以下环境
	系统	moxa	uc-2112-lx_firmware	*	From (including) 1.3	Up to (including) 1.5
	运行在以下环境
	系统	moxa	uc-2114-t-lx_firmware	*	From (including) 1.3	Up to (including) 1.5
	运行在以下环境
	系统	moxa	uc-2114-t-lx_firmware	-	-
	运行在以下环境
	系统	moxa	uc-2116-t-lx_firmware	*	From (including) 1.3	Up to (including) 1.5
	运行在以下环境
	系统	moxa	uc-3101-t-ap-lx_firmware	*	From (including) 1.2	Up to (including) 2.0
	运行在以下环境
	系统	moxa	uc-3101-t-eu-lx_firmware	*	From (including) 1.2	Up to (including) 2.0
	运行在以下环境
	系统	moxa	uc-3101-t-us-lx_firmware	*	From (including) 1.2	Up to (including) 2.0
	运行在以下环境
	系统	moxa	uc-3111-t-ap-lx-nw_firmware	*	From (including) 1.2	Up to (including) 2.0
	运行在以下环境
	系统	moxa	uc-3111-t-ap-lx_firmware	*	From (including) 1.2	Up to (including) 2.0
	运行在以下环境
	系统	moxa	uc-3111-t-eu-lx-nw_firmware	*	From (including) 1.2	Up to (including) 2.0
	运行在以下环境
	系统	moxa	uc-3111-t-eu-lx_firmware	*	From (including) 1.2	Up to (including) 2.0
	运行在以下环境
	系统	moxa	uc-3111-t-us-lx-nw_firmware	*	From (including) 1.2	Up to (including) 2.0
	运行在以下环境
	系统	moxa	uc-3111-t-us-lx_firmware	*	From (including) 1.2	Up to (including) 2.0
	运行在以下环境
	系统	moxa	uc-3121-t-ap-lx_firmware	*	From (including) 1.2	Up to (including) 2.0
	运行在以下环境
	系统	moxa	uc-3121-t-eu-lx_firmware	*	From (including) 1.2	Up to (including) 2.0
	运行在以下环境
	系统	moxa	uc-3121-t-us-lx_firmware	*	From (including) 1.2	Up to (including) 2.0
	运行在以下环境
	系统	moxa	uc-5101-lx_firmware	1.2	-
	运行在以下环境
	系统	moxa	uc-5101-t-lx_firmware	1.2	-
	运行在以下环境
	系统	moxa	uc-5102-lx_firmware	1.2	-
	运行在以下环境
	系统	moxa	uc-5102-t-lx_firmware	1.2	-
	运行在以下环境
	系统	moxa	uc-5111-lx_firmware	1.2	-
	运行在以下环境
	系统	moxa	uc-5111-t-lx_firmware	1.2	-
	运行在以下环境
	系统	moxa	uc-5112-lx_firmware	1.2	-
	运行在以下环境
	系统	moxa	uc-5112-t-lx_firmware	1.2	-
	运行在以下环境
	系统	moxa	uc-8112-lx_firmware	1.2	-
	运行在以下环境
	系统	moxa	uc-8112-me-t-lx1_firmware	*	From (including) 1.0	Up to (including) 1.1
	运行在以下环境
系统	moxa	uc-8112-me-t-lx_firmware	*	From (including) 1.0	Up to (including) 1.1
运行在以下环境
系统	moxa	uc-8112a-me-t-lx_firmware	*	From (including) 1.0	Up to (including) 1.1
运行在以下环境
系统	moxa	uc-8131-lx_firmware	1.2	-
运行在以下环境
系统	moxa	uc-8132-lx_firmware	1.2	-
运行在以下环境
系统	moxa	uc-8162-lx_firmware	1.2	-
运行在以下环境
系统	moxa	uc-8210-t-lx-s_firmware	*	From (including) 1.0	Up to (including) 2.4
运行在以下环境
系统	moxa	uc-8220-t-lx-ap-s_firmware	*	From (including) 1.0	Up to (including) 2.4
运行在以下环境
系统	moxa	uc-8220-t-lx-eu-s_firmware	*	From (including) 1.0	Up to (including) 2.4
运行在以下环境
系统	moxa	uc-8220-t-lx-s_firmware	*	From (including) 1.0	Up to (including) 2.4
运行在以下环境
系统	moxa	uc-8220-t-lx-us-s_firmware	*	From (including) 1.0	Up to (including) 2.4
运行在以下环境
系统	moxa	uc-8220-t-lx_firmware	*	From (including) 1.0	Up to (including) 2.4
运行在以下环境
系统	moxa	uc-8410a-lx_firmware	2.2	-
运行在以下环境
系统	moxa	uc-8410a-nw-lx_firmware	2.2	-
运行在以下环境
系统	moxa	uc-8410a-nw-t-lx_firmware	2.2	-
运行在以下环境
系统	moxa	uc-8410a-t-lx_firmware	2.2	-
运行在以下环境
系统	moxa	uc-8540-lx_firmware	*	From (including) 1.0	Up to (including) 1.2
运行在以下环境
系统	moxa	uc-8540-t-ct-lx_firmware	*	From (including) 1.0	Up to (including) 1.2
运行在以下环境
系统	moxa	uc-8540-t-lx_firmware	*	From (including) 1.0	Up to (including) 1.2
运行在以下环境
系统	moxa	uc-8580-lx_firmware	1.1	-
运行在以下环境
系统	moxa	uc-8580-q-lx_firmware	1.1	-
运行在以下环境
系统	moxa	uc-8580-t-ct-lx_firmware	1.1	-
运行在以下环境
系统	moxa	uc-8580-t-ct-q-lx_firmware	1.1	-
运行在以下环境
系统	moxa	uc-8580-t-lx_firmware	1.1	-
运行在以下环境
系统	moxa	uc-8580-t-q-lx_firmware	1.1	-
运行在以下环境
硬件	moxa	uc-2101-lx	-	-
运行在以下环境
硬件	moxa	uc-2102-lx	-	-
运行在以下环境
硬件	moxa	uc-2102-t-lx	-	-
运行在以下环境
硬件	moxa	uc-2104-lx	-	-
运行在以下环境
硬件	moxa	uc-2111-lx	-	-
运行在以下环境
硬件	moxa	uc-2112-lx	-	-
运行在以下环境
硬件	moxa	uc-2114-t-lx	-	-
运行在以下环境
硬件	moxa	uc-2116-t-lx	-	-
运行在以下环境
硬件	moxa	uc-3101-t-ap-lx	-	-
运行在以下环境
硬件	moxa	uc-3101-t-eu-lx	-	-
运行在以下环境
硬件	moxa	uc-3101-t-us-lx	-	-
运行在以下环境
硬件	moxa	uc-3111-t-ap-lx	-	-
运行在以下环境
硬件	moxa	uc-3111-t-ap-lx-nw	-	-
运行在以下环境
硬件	moxa	uc-3111-t-eu-lx	-	-
运行在以下环境
硬件	moxa	uc-3111-t-eu-lx-nw	-	-
运行在以下环境
硬件	moxa	uc-3111-t-us-lx	-	-
运行在以下环境
硬件	moxa	uc-3111-t-us-lx-nw	-	-
运行在以下环境
硬件	moxa	uc-3121-t-ap-lx	-	-
运行在以下环境
硬件	moxa	uc-3121-t-eu-lx	-	-
运行在以下环境
硬件	moxa	uc-3121-t-us-lx	-	-
运行在以下环境
硬件	moxa	uc-5101-lx	-	-
运行在以下环境
硬件	moxa	uc-5101-t-lx	-	-
运行在以下环境
硬件	moxa	uc-5102-lx	-	-
运行在以下环境
硬件	moxa	uc-5102-t-lx	-	-
运行在以下环境
硬件	moxa	uc-5111-lx	-	-
运行在以下环境
硬件	moxa	uc-5111-t-lx	-	-
运行在以下环境
硬件	moxa	uc-5112-lx	-	-
运行在以下环境
硬件	moxa	uc-5112-t-lx	-	-
运行在以下环境
硬件	moxa	uc-8112-lx	-	-
运行在以下环境
硬件	moxa	uc-8112-me-t-lx	-	-
运行在以下环境
硬件	moxa	uc-8112-me-t-lx1	-	-
运行在以下环境
硬件	moxa	uc-8112a-me-t-lx	-	-
运行在以下环境
硬件	moxa	uc-8131-lx	-	-
运行在以下环境
硬件	moxa	uc-8132-lx	-	-
运行在以下环境
硬件	moxa	uc-8162-lx	-	-
运行在以下环境
硬件	moxa	uc-8210-t-lx-s	-	-
运行在以下环境
硬件	moxa	uc-8220-t-lx	-	-
运行在以下环境
硬件	moxa	uc-8220-t-lx-ap-s	-	-
运行在以下环境
硬件	moxa	uc-8220-t-lx-eu-s	-	-
运行在以下环境
硬件	moxa	uc-8220-t-lx-s	-	-
运行在以下环境
硬件	moxa	uc-8220-t-lx-us-s	-	-
运行在以下环境
硬件	moxa	uc-8410a-lx	-	-
运行在以下环境
硬件	moxa	uc-8410a-nw-lx	-	-
运行在以下环境
硬件	moxa	uc-8410a-nw-t-lx	-	-
运行在以下环境
硬件	moxa	uc-8410a-t-lx	-	-
运行在以下环境
硬件	moxa	uc-8540-lx	-	-
运行在以下环境
硬件	moxa	uc-8540-t-ct-lx	-	-
运行在以下环境
硬件	moxa	uc-8540-t-lx	-	-
运行在以下环境
硬件	moxa	uc-8580-lx	-	-
运行在以下环境
硬件	moxa	uc-8580-q-lx	-	-
运行在以下环境
硬件	moxa	uc-8580-t-ct-lx	-	-
运行在以下环境
硬件	moxa	uc-8580-t-ct-q-lx	-	-
运行在以下环境
硬件	moxa	uc-8580-t-lx	-	-
运行在以下环境
硬件	moxa	uc-8580-t-q-lx	-	-

攻击路径

物理
攻击复杂度

低
权限要求

无
影响范围

未更改
用户交互

无
可用性

高
保密性

高
完整性

高

CWE-ID	漏洞类型
CWE-1263	Improper Physical Access Control

Moxa UC 安全漏洞

漏洞描述

解决建议

参考链接

受影响软件情况