CVE-2026-0715

Q: What is the severity of CVE-2026-0715?

CVE-2026-0715 has a CVSS score of 6.8 (MEDIUM). This vulnerability allows attackers with physical access to Moxa industrial computers to access the bootloader menu using a device-unique password. The impact is limited because the bootloader enforces digital signature verification, preventing firmware tampering or arbitrary code execution. Only organizations using affected Moxa Arm-based industrial computers running Moxa Industrial Linux Secure are affected.

6.8 MEDIUM

📋 TL;DR

This vulnerability allows attackers with physical access to Moxa industrial computers to access the bootloader menu using a device-unique password. The impact is limited because the bootloader enforces digital signature verification, preventing firmware tampering or arbitrary code execution. Only organizations using affected Moxa Arm-based industrial computers running Moxa Industrial Linux Secure are affected.

💻 Affected Systems

Products:

Moxa Arm-based industrial computers

Versions: All versions running Moxa Industrial Linux Secure

Operating Systems: Moxa Industrial Linux Secure

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in default configuration with device-unique bootloader passwords. Requires physical access to serial interface.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Temporary denial-of-service if attacker reflashes a valid Moxa-signed image, causing device reboot and service interruption.

🟠

Likely Case

Minimal operational impact - attacker can view bootloader menu but cannot modify firmware or gain system access due to signature enforcement.

🟢

If Mitigated

No impact if physical access controls prevent unauthorized personnel from accessing serial interfaces.

🌐 Internet-Facing: LOW - Remote exploitation is not possible according to the description.

🏢 Internal Only: MEDIUM - Requires physical access, but industrial environments may have less stringent physical security than data centers.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: NO

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires physical access to device and knowledge of device-unique password. No privilege escalation or code execution possible due to signature verification.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-255121-cve-2026-0714-cve-2026-0715-multiple-vulnerabilities-in-industrial-computers

Restart Required: No

Instructions:

No software patch available. Mitigation relies on physical security controls and monitoring.

🔧 Temporary Workarounds

Physical Access Controls

all

Restrict physical access to industrial computers to prevent unauthorized personnel from accessing serial interfaces.

Secure Serial Ports

all

Physically secure or disable unused serial ports, and monitor access to serial interfaces.

🧯 If You Can't Patch

Implement strict physical security controls around industrial equipment
Monitor physical access logs and serial port activity for unauthorized access attempts

🔍 How to Verify

Check if Vulnerable:

Check if device is a Moxa Arm-based industrial computer running Moxa Industrial Linux Secure. Review physical security controls around serial port access.

Check Version:

Check device model and firmware version via Moxa management interface or console

Verify Fix Applied:

Verify physical security measures are implemented and serial ports are secured/disabled where possible.

📡 Detection & Monitoring

Log Indicators:

Serial port access logs
Bootloader access attempts
Unexpected device reboots

Network Indicators:

N/A - physical access required

SIEM Query:

Search for serial console access events or unexpected industrial device reboots in physical security logs

📊 Metadata

CVE ID: CVE-2026-0715

CVSS v3 Score: 6.8 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-522

EPSS Score: 0.03% exploit probability (6.2th percentile)

Published: February 5, 2026

Last Updated: February 18, 2026

🔗 References

https://www.moxa.com/en/support/product-support/security-advisory/mpsa-255121-cve-2026-0714-cve-2026-0715-multiple-vulnerabilities-in-industrial-computers Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Uc 1222a Firmware by Moxa

Uc 2222a T Ap Firmware by Moxa

Uc 2222a T Eu Firmware by Moxa

Uc 2222a T Firmware by Moxa

Uc 2222a T Us Firmware by Moxa

Uc 3420a T Lte Firmware by Moxa

Uc 3424a T Lte Firmware by Moxa

Uc 3430a T Lte Wifi Firmware by Moxa

Uc 3434a T Lte Wifi Firmware by Moxa

Uc 4410a T Firmware by Moxa

Uc 4414a I T Firmware by Moxa

Uc 4430a T Firmware by Moxa

Uc 4434a I T Firmware by Moxa

Uc 4450a T 5g Firmware by Moxa

Uc 4454a T 5g Firmware by Moxa

Uc 8210 T Lx S Firmware by Moxa

Uc 8220 T Lx Ap S Firmware by Moxa

Uc 8220 T Lx Eu S Firmware by Moxa

Uc 8220 T Lx Firmware by Moxa

Uc 8220 T Lx Us S Firmware by Moxa

V1202 Ct T Firmware by Moxa

V1222 Ct T Firmware by Moxa

V1222 W Ct T Firmware by Moxa

V2406c Kl1 Ct T Firmware by Moxa

V2406c Kl1 T Firmware by Moxa

V2406c Kl3 T Firmware by Moxa

V2406c Kl5 T Firmware by Moxa

V2406c Kl7 Ct T Firmware by Moxa

V2406c Kl7 T Firmware by Moxa

V2406c Wl1 Ct T Firmware by Moxa

V2406c Wl1 T Firmware by Moxa

V2406c Wl3 T Firmware by Moxa

V2406c Wl5 T Firmware by Moxa

V2406c Wl7 Ct T Firmware by Moxa

V2406c Wl7 T Firmware by Moxa