Vulnerability-Lookup

CERTFR-2026-AVI-0743

Vulnerability from certfr_avis - Published: 2026-06-12 - Updated: 2026-06-12

Une vulnérabilité a été découverte dans les produits Moxa. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Moxa	UC-4400A Series	séries UC-4400A versions antérieures à MIL3.4.1 sans les derniers correctifs de sécurité
Moxa	UC-2200A Series	séries UC-2200A versions antérieures à MIL4.0.0 sans les derniers correctifs de sécurité
Moxa	UC-2200A Series	séries UC-2200A versions antérieures à MIL3.4.1 sans les derniers correctifs de sécurité
Moxa	UC-3400A Series	séries UC-3400A versions antérieures à MIL4.0.0 sans les derniers correctifs de sécurité
Moxa	V1200 Series	séries V1200 versions antérieures à MIL3 sans les derniers correctifs de sécurité
Moxa	UC-4400A Series	séries UC-4400A versions antérieures à MIL4.0.0 sans les derniers correctifs de sécurité
Moxa	V2406C Series	modèles V2406C WL toutes versions
Moxa	V3200 Series	séries V3200 versions antérieures à MIL3 sans les derniers correctifs de sécurité
Moxa	V3400 Series	séries V3400 versions antérieures à MIL sans les derniers correctifs de sécurité
Moxa	UC-1200A Series	séries UC-1200A versions antérieures à MIL3.4.1 sans les derniers correctifs de sécurité
Moxa	UC-1200A Series	séries UC-1200A versions antérieures à MIL4.0.0 sans les derniers correctifs de sécurité
Moxa	UC-8200 Series	séries UC-8200 versions antérieures à MIL3.4.1 sans les derniers correctifs de sécurité
Moxa	UC-3400A Series	séries UC-3400A versions antérieures à MIL3.4.1 sans les derniers correctifs de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité Moxa MPSA-266240

2026-06-12

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "s\u00e9ries UC-4400A versions ant\u00e9rieures \u00e0 MIL3.4.1 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "UC-4400A Series",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "s\u00e9ries UC-2200A versions ant\u00e9rieures \u00e0 MIL4.0.0 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "UC-2200A Series",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "s\u00e9ries UC-2200A versions ant\u00e9rieures \u00e0 MIL3.4.1 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "UC-2200A Series",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "s\u00e9ries UC-3400A versions ant\u00e9rieures \u00e0 MIL4.0.0 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "UC-3400A Series",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "s\u00e9ries V1200 versions ant\u00e9rieures \u00e0 MIL3 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "V1200 Series",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "s\u00e9ries UC-4400A versions ant\u00e9rieures \u00e0 MIL4.0.0 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "UC-4400A Series",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "mod\u00e8les V2406C WL toutes versions",
      "product": {
        "name": "V2406C Series",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "s\u00e9ries V3200 versions ant\u00e9rieures \u00e0 MIL3 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "V3200 Series",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "s\u00e9ries V3400 versions ant\u00e9rieures \u00e0 MIL sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "V3400 Series",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "s\u00e9ries UC-1200A versions ant\u00e9rieures \u00e0 MIL3.4.1 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "UC-1200A Series",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "s\u00e9ries UC-1200A versions ant\u00e9rieures \u00e0 MIL4.0.0 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "UC-1200A Series",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "s\u00e9ries UC-8200 versions ant\u00e9rieures \u00e0 MIL3.4.1 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "UC-8200 Series",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "s\u00e9ries UC-3400A versions ant\u00e9rieures \u00e0 MIL3.4.1 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "UC-3400A Series",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2026-9266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9266"
    }
  ],
  "initial_release_date": "2026-06-12T00:00:00",
  "last_revision_date": "2026-06-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0743",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-06-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Moxa. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits Moxa",
  "vendor_advisories": [
    {
      "published_at": "2026-06-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Moxa MPSA-266240",
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-266240-cve-2026-9266-missing-required-cryptographic-step-vulnerability-in-industrial-computers"
    }
  ]
}

CVE-2026-9266 (GCVE-0-2026-9266)

Vulnerability from cvelistv5 – Published: 2026-06-12 10:00 – Updated: 2026-06-12 13:29

Summary

A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remediation of CVE-2026-0714. The firmware introduced TPM2 parameter encryption as a countermeasure against CVE-2026-0714. However, an omission in the authorization session configuration causes the parameter encryption to provide no effective protection. An attacker with invasive physical access to the device can still capture TPM communications on the SPI bus and derive the LUKS disk encryption key in plaintext. While successful exploitation results in full compromise of the encrypted disk volume, the attack requires invasive physical access, including opening the device and attaching external equipment to the SPI bus. Remote exploitation is not possible, and the attack does not affect any downstream systems.

Severity

7 (High)


                        
                          CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-325 - Missing Cryptographic Step

Assigner

Moxa

References

1 reference

URL	Tags
https://www.moxa.com/en/support/product-support/s…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Moxa	UC-1200A Series	Affected: 1.0 , ≤ 1.4 (custom)

Date Public

2026-06-12 10:00

Credits

Cyloq

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-9266",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-12T13:29:27.309419Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-12T13:29:34.626Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "OS image\u00a0(MIL3 Secure version)"
          ],
          "product": "UC-1200A Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "1.4",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:moxa:uc-1200a_series:*:*:os_image_mil3_secure_version_:*:*:*:*:*",
                  "versionEndIncluding": "1.4",
                  "versionStartIncluding": "1.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Cyloq"
        }
      ],
      "datePublic": "2026-06-12T10:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A Missing Required Cryptographic Step vulnerability has been identified in Moxa\u0027s embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remediation of CVE-2026-0714. The firmware introduced TPM2 parameter encryption as a countermeasure against CVE-2026-0714. However, an omission in the authorization session configuration causes the parameter encryption to provide no effective protection.\u0026nbsp;An attacker with invasive physical access to the device can still capture TPM communications on the SPI bus and derive the LUKS disk encryption key in plaintext. While successful exploitation results in full compromise of the encrypted disk volume, the attack requires invasive physical access, including opening the device and attaching external equipment to the SPI bus. Remote exploitation is not possible, and the attack does not affect any downstream systems."
            }
          ],
          "value": "A Missing Required Cryptographic Step vulnerability has been identified in Moxa\u0027s embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remediation of CVE-2026-0714. The firmware introduced TPM2 parameter encryption as a countermeasure against CVE-2026-0714. However, an omission in the authorization session configuration causes the parameter encryption to provide no effective protection.\u00a0An attacker with invasive physical access to the device can still capture TPM communications on the SPI bus and derive the LUKS disk encryption key in plaintext. While successful exploitation results in full compromise of the encrypted disk volume, the attack requires invasive physical access, including opening the device and attaching external equipment to the SPI bus. Remote exploitation is not possible, and the attack does not affect any downstream systems."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-699",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-699: Eavesdropping on a Monitor"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "PHYSICAL",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-325",
              "description": "CWE-325: Missing Cryptographic Step",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-12T10:00:33.056Z",
        "orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
        "shortName": "Moxa"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-266240-cve-2026-9266-missing-required-cryptographic-step-vulnerability-in-industrial-computers"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Please refer to Moxa\u0027s security advisory."
            }
          ],
          "value": "Please refer to Moxa\u0027s security advisory."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
    "assignerShortName": "Moxa",
    "cveId": "CVE-2026-9266",
    "datePublished": "2026-06-12T10:00:33.056Z",
    "dateReserved": "2026-05-22T02:41:04.026Z",
    "dateUpdated": "2026-06-12T13:29:34.626Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted