Vulnerability Change Records for CVE-2022-3086

Change History

CVE Modified by ICS-CERT 12/07/2022 7:15:10 PM

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Changed | Description | An attacker with physical access to Moxa's bootloader versions of UC-8580 Series V1.1, UC-8540 Series V1.0 to V1.2, UC-8410A Series V2.2, UC-8200 Series V1.0 to V2.4, UC-8100A-ME-T Series V1.0 to V1.1, UC-8100 Series V1.2 to V1.3, UC-5100 Series V1.2, UC-3100 Series V1.2 to V2.0, UC-2100 Series V1.3 to V1.5, and UC-2100-W Series V1.3 to V1.5 can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the device’s authentication files to create a new user and gain full access to the system. | Cradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior are vulnerable to shell escape, which enables local attackers with non-superuser credentials to gain full, unrestrictive shell access which may allow an attacker to execute arbitrary code. |
| Added | CVSS V3.1 | | ICS-CERT AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
| Removed | CVSS V3.1 | ICS-CERT AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | |
| Added | CWE | | ICS-CERT CWE-77 |
| Removed | CWE | ICS-CERT CWE-1263 | |
| Added | Reference | | https://www.cisa.gov/uscert/ics/advisories/icsa-22-321-02 [No Types Assigned] |
| Removed | Reference | https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-04 [Third Party Advisory, US Government Resource] | |