CVE-2022-3088

Name: CVE-2022-3088
Creator: NVD / NIST
Published: 2022-11-28T22:15:10.783+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.8/10EPSS 0.19%

Last modified Jun 17, 2026

CVE-2022-3088 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v 1.12, UC-3100 System Image: Versions v1.0 to v1.6, UC-5100 System Image: Versions v1.0 to v1.4, UC-8100 System Image: Versions v3.0 to v3.5, UC-8100-ME-T System Image: Versions v3.0 and v3.1, UC-8200 System Image: v1.0 to v1.5, AIG-300 System Image: v1.0 to v1.4, UC-8410A with Debian 9 System Image: Versions v4.0.2 and v4.1.2, UC-8580 with Debian 9 System Image: Versions v2.0 and v2.1, UC-8540 with Debian 9 System Image: Versions v2.0 and v2.1, and DA-662C-16-LX (GLB) System Image: Versions v1.0.2 to v1.1.2 of Moxa's ARM-based computers have an execution with unnecessary privileges vulnerability, which could allow an attacker with user-level privileges to gain root privileges.. EPSS estimates a 0.19% chance of exploitation in the next 30 days.

Description

UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v 1.12, UC-3100 System Image: Versions v1.0 to v1.6, UC-5100 System Image: Versions v1.0 to v1.4, UC-8100 System Image: Versions v3.0 to v3.5, UC-8100-ME-T System Image: Versions v3.0 and v3.1, UC-8200 System Image: v1.0 to v1.5, AIG-300 System Image: v1.0 to v1.4, UC-8410A with Debian 9 System Image: Versions v4.0.2 and v4.1.2, UC-8580 with Debian 9 System Image: Versions v2.0 and v2.1, UC-8540 with Debian 9 System Image: Versions v2.0 and v2.1, and DA-662C-16-LX (GLB) System Image: Versions v1.0.2 to v1.1.2 of Moxa's ARM-based computers have an execution with unnecessary privileges vulnerability, which could allow an attacker with user-level privileges to gain root privileges.

Metrics

CVSS 3.1

7.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.19%

8.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Moxa	Uc-2101-Lx Firmware	>= 1.0, <= 1.12
Moxa	Uc-2102-Lx Firmware	>= 1.0, <= 1.2
Moxa	Uc-2104-Lx Firmware	>= 1.0, <= 1.2
Moxa	Uc-2111-Lx Firmware	>= 1.0, <= 1.2
Moxa	Uc-2112-Lx Firmware	>= 1.0, <= 1.2
Moxa	Uc-2102-T-Lx Firmware	>= 1.0, <= 1.2
Moxa	Uc-2114-T-Lx Firmware	>= 1.0, <= 1.2
Moxa	Uc-2116-T-Lx Firmware	>= 1.0, <= 1.2
Moxa	Uc-3101-T-Us-Lx Firmware	>= 1.0, <= 1.6
Moxa	Uc-3101-T-Eu-Lx Firmware	>= 1.0, <= 1.6
Moxa	Uc-3111-T-Us-Lx Firmware	>= 1.0, <= 1.6
Moxa	Uc-3111-T-Eu-Lx Firmware	>= 1.0, <= 1.6
Moxa	Uc-3121-T-Us-Lx Firmware	>= 1.0, <= 1.6
Moxa	Uc-3121-T-Eu-Lx Firmware	>= 1.0, <= 1.6
Moxa	Uc-3101-T-Ap-Lx Firmware	>= 1.0, <= 1.6
Moxa	Uc-3111-T-Ap-Lx Firmware	>= 1.0, <= 1.6
Moxa	Uc-3121-T-Ap-Lx Firmware	>= 1.0, <= 1.6
Moxa	Uc-3111-T-Eu-Lx-Nw Firmware	>= 1.0, <= 1.6
Moxa	Uc-3111-T-Ap-Lx-Nw Firmware	>= 1.0, <= 1.6
Moxa	Uc-3111-T-Us-Lx-Nw Firmware	>= 1.0, <= 1.6
Moxa	Uc-5101-Lx Firmware	>= 1.0, <= 1.4
Moxa	Uc-5101-T-Lx Firmware	>= 1.0, <= 1.4
Moxa	Uc-5102-Lx Firmware	>= 1.0, <= 1.4
Moxa	Uc-5102-T-Lx Firmware	>= 1.0, <= 1.4
Moxa	Uc-5111-Lx Firmware	>= 1.0, <= 1.4
Moxa	Uc-5111-T-Lx Firmware	>= 1.0, <= 1.4
Moxa	Uc-5112-Lx Firmware	>= 1.0, <= 1.4
Moxa	Uc-5112-T-Lx Firmware	>= 1.0, <= 1.4
Moxa	Uc-8131-Lx Firmware	>= 3.0, <= 3.5
Moxa	Uc-8132-Lx Firmware	>= 3.0, <= 3.5
Moxa	Uc-8162-Lx Firmware	>= 3.0, <= 3.5
Moxa	Uc-8112-Lx Firmware	>= 3.0, <= 3.5
Moxa	Uc-8112-Me-T-Lx1 Firmware	3.0
Moxa	Uc-8112-Me-T-Lx1 Firmware	3.1
Moxa	Uc-8112-Me-T-Lx Firmware	3.0
Moxa	Uc-8112-Me-T-Lx Firmware	3.1
Moxa	Uc-8112a-Me-T-Lx Firmware	>= 1.0, <= 1.6
Moxa	Uc-8220-T-Lx-S Firmware	>= 1.0, <= 1.5
Moxa	Uc-8220-T-Lx Firmware	>= 1.0, <= 1.5
Moxa	Uc-8220-T-Lx-Us-S Firmware	>= 1.0, <= 1.5
Moxa	Uc-8220-T-Lx-Eu-S Firmware	>= 1.0, <= 1.5
Moxa	Uc-8220-T-Lx-Ap-S Firmware	>= 1.0, <= 1.5
Moxa	Aig-301-T-Us-Azu-Lx Firmware	>= 1.0, <= 1.4
Moxa	Aig-301-T-Eu-Azu-Lx Firmware	>= 1.0, <= 1.4
Moxa	Aig-301-T-Ap-Azu-Lx Firmware	>= 1.0, <= 1.4
Moxa	Aig-301-T-Cn-Azu-Lx Firmware	>= 1.0, <= 1.4
Moxa	Aig-301-T-Azu-Lx Firmware	>= 1.0, <= 1.4
Moxa	Aig-301-Azu-Lx Firmware	>= 1.0, <= 1.4
Moxa	Aig-301-Us-Azu-Lx Firmware	>= 1.0, <= 1.4
Moxa	Aig-301-Eu-Azu-Lx Firmware	>= 1.0, <= 1.4

Showing 50 of 75 affected configurations. See NVD for the full list.

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-05Third Party Advisory, US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-05Third Party Advisory, US Government Resource

Timeline

Published: Nov 28, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-3088?

How severe is CVE-2022-3088?

CVE-2022-3088 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 0.19% probability of exploitation in the next 30 days.

How do I fix CVE-2022-3088?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-3088?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST