216.73.217.47

CVE-2026-0715

· Published 05/02/2026 17:16 · Modified 05/02/2026 20:47

Labels: CVE-2026-0715 2026-02-05CVE-2026-0715CWE-522[email protected]

Essential information

Published
05/02/2026 17:16
Modified
05/02/2026 20:47
Author
Creator
CVSS
7.0 HIGH (v3) 7.0 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Moxa Arm-based industrial computers running Moxa Industrial Linux Secure use a device-unique bootloader password provided on the device. An attacker with physical access to the device could use this information to access the bootloader menu via a serial interface.  Access to the bootloader menu does not allow full system takeover or privilege escalation. The bootloader enforces digital signature verification and only permits flashing of Moxa-signed images. As a result, an attacker cannot install malicious firmware or execute arbitrary code. The primary impact is limited to a potential temporary denial-of-service condition if a valid image is reflashed. Remote exploitation is not possible.

NVD status

Status
Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
moxa / industrial linux secure cpe:2.3:a:moxa:industrial_linux_secure:*:*:*:*:*:*:*:*

References