CVE-2026-0714

6.8 MEDIUM

📋 TL;DR

This CVE describes a physical attack vulnerability in Moxa industrial computers where an attacker with invasive physical access can capture TPM communications via the SPI bus to potentially decrypt eMMC contents. It affects systems using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3. The attack requires extended physical access, specialized equipment, and cannot be performed remotely.

💻 Affected Systems

Products:
  • Moxa industrial computers with TPM-backed LUKS full-disk encryption
Versions: Moxa Industrial Linux 3
Operating Systems: Moxa Industrial Linux 3
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with discrete TPM connected via SPI bus and using LUKS encryption; requires specific hardware configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of encrypted data on the device, allowing attackers to access sensitive industrial control system configurations, credentials, and proprietary data stored on the eMMC.

🟠 Likely Case

Limited impact due to the high barrier of physical access requirements; most likely to affect devices in unsecured physical locations or during maintenance/transport.

🟢 If Mitigated

Minimal impact if devices are physically secured in controlled environments with access restrictions and monitoring.

🌐 Internet-Facing: LOW - Remote exploitation is explicitly stated as not possible.
🏢 Internal Only: MEDIUM - Requires physical access, but industrial environments may have less stringent physical security than IT environments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: HIGH

Exploitation requires invasive physical access, specialized SPI bus monitoring equipment, and significant time for signal capture/analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-255121-cve-2026-0714-cve-2026-0715-multiple-vulnerabilities-in-industrial-computers

Restart Required: No

Instructions:

Check vendor advisory for updates; currently no software patch available. Focus on physical security controls.

🔧 Temporary Workarounds

Physical Security Enhancement

all

Implement strict physical access controls to prevent unauthorized access to devices.

Tamper Detection Implementation

all

Use tamper-evident seals and physical intrusion detection mechanisms.

🧯 If You Can't Patch

  • Deploy devices in physically secure locations with access controls and surveillance
  • Implement tamper-evident seals and regular physical inspection procedures

🔍 How to Verify

Check if Vulnerable:

Check if device uses Moxa Industrial Linux 3 with TPM-backed LUKS encryption via SPI bus connection.
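
One way to run this check on a Linux host, as an added example that is not from Moxa or the advisory: it reports which bus the TPM sits on and which LUKS volumes and tokens are present. It assumes standard sysfs paths and LUKS2 token metadata; how Moxa Industrial Linux 3 binds the LUKS key to the TPM is not stated here, so a missing token does not rule out TPM binding. The function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumptions: standard Linux sysfs layout and LUKS2 headers;
# nothing here is Moxa tooling, and the function names are hypothetical.

# tpm_bus [SYSFS_ROOT]: print the bus of the first TPM found (e.g. "spi"),
# or "none" when no TPM device is registered.
tpm_bus() {
    root="${1:-/sys}"
    for dev in "$root"/class/tpm/tpm[0-9]*; do
        [ -e "$dev/device/subsystem" ] || continue
        # device/subsystem links to <sysfs>/bus/<bus>; the last element is the bus name.
        basename "$(readlink -f "$dev/device/subsystem")"
        return 0
    done
    echo none
}

# luks_token_types: read `cryptsetup luksDump` text on stdin and print the
# type of each LUKS2 token (for example systemd-tpm2 or clevis), one per line.
luks_token_types() {
    awk '/^Tokens:/ {t = 1; next}
         /^[A-Za-z]/ {t = 0}
         t && /^[ \t]+[0-9]+: / {print $2}'
}

# exposure LUKS_COUNT BUS: compare the two facts with the advisory's precondition.
# "review" means the hardware layout matches; TPM sealing must still be confirmed.
exposure() {
    if [ "$1" -gt 0 ] && [ "$2" = spi ]; then
        echo "review: LUKS volume present and TPM attached over SPI"
    else
        echo "not-applicable: luks_volumes=$1 tpm_bus=$2"
    fi
}

# report: gather the facts from the running system and print the verdict.
report() {
    bus=$(tpm_bus)
    count=0
    for vol in $(blkid -t TYPE=crypto_LUKS -o device 2>/dev/null); do
        count=$((count + 1))
        tokens=$(cryptsetup luksDump "$vol" 2>/dev/null | luks_token_types | tr '\n' ' ')
        echo "$vol tokens: ${tokens:-none listed}"
    done
    exposure "$count" "$bus"
}

report
```

Run it as root so `cryptsetup luksDump` can read the volume headers.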

Check Version:

Check system documentation or contact Moxa support for specific device configuration details.

Verify Fix Applied:

No software fix available; verify physical security controls are implemented.

📡 Detection & Monitoring

Log Indicators:

  • Physical tampering events, unauthorized physical access logs

Network Indicators:

  • None - this is a physical attack

SIEM Query:

Search for physical security breach alerts or tamper detection system events