CVE-2022-3088
CVE-2022-3088 is a high-severity vulnerability in Moxa Uc-2101-lx Firmware with a CVSS 3.x base score of 7.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-250.
Key facts
- Severity: High (CVSS 3.x base score 7.8)
- EPSS exploit prediction: 0% (9th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-250
- Affected product: Moxa Uc-2101-lx Firmware
- Published:
- Last modified:
Description
UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v 1.12, UC-3100 System Image: Versions v1.0 to v1.6, UC-5100 System Image: Versions v1.0 to v1.4, UC-8100 System Image: Versions v3.0 to v3.5, UC-8100-ME-T System Image: Versions v3.0 and v3.1, UC-8200 System Image: v1.0 to v1.5, AIG-300 System Image: v1.0 to v1.4, UC-8410A with Debian 9 System Image: Versions v4.0.2 and v4.1.2, UC-8580 with Debian 9 System Image: Versions v2.0 and v2.1, UC-8540 with Debian 9 System Image: Versions v2.0 and v2.1, and DA-662C-16-LX (GLB) System Image: Versions v1.0.2 to v1.1.2 of Moxa's ARM-based computers have an execution with unnecessary privileges vulnerability, which could allow an attacker with user-level privileges to gain root privileges.
Frequently asked questions
- What is CVE-2022-3088?
- UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v 1.12, UC-3100 System Image: Versions v1.0 to v1.6, UC-5100 System Image: Versions v1.0 to v1.4, UC-8100 System Image: Versions v3.0 to v3.5, UC-8100-ME-T System Image: Versions v3.0 and v3.1, UC-8200 System Image: v1.0 to v1.5, AIG-300 System Image: v1.0 to v1.4, UC-8410A with Debian 9 System Image: Versions v4.0.2 and v4.1.2, UC-8580 with Debian 9 System Image: Versions v2.0 and v2.1, UC-8540 with Debian 9 System Image: Versions v2.0 and v2.1, and DA-662C-16-LX (GLB) System Image: Versions v1.0.2 to v1.1.2 of Moxa's ARM-based computers have an execution with unnecessary privileges vulnerability, which could allow an attacker with user-level privileges to gain root privileges.
- How severe is CVE-2022-3088?
- CVE-2022-3088 has a CVSS 3.x base score of 7.8, rated high severity. It is exploitable over local access with low attack complexity, requires low privileges and no user interaction. Impact on confidentiality is high, integrity high, and availability high.
- Is CVE-2022-3088 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (9th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2022-3088?
- CVE-2022-3088 primarily affects Moxa Uc-2101-lx Firmware. In total, 75 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2022-3088?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2022-3088 published?
- CVE-2022-3088 was published on 2022-11-28 and last updated on 2026-06-17.
References
Affected products (75)
- cpe:2.3:o:moxa:uc-2101-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-2102-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-2104-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-2111-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-2112-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-2102-t-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-2114-t-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-2116-t-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-3101-t-us-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-3101-t-eu-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-3111-t-us-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-3111-t-eu-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-3121-t-us-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-3121-t-eu-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-3101-t-ap-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-3111-t-ap-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-3121-t-ap-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-3111-t-eu-lx-nw_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-3111-t-ap-lx-nw_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-3111-t-us-lx-nw_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-5101-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-5101-t-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-5102-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-5102-t-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-5111-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-5111-t-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-5112-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-5112-t-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-8131-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-8132-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-8162-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-8112-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-8112-me-t-lx1_firmware:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-8112-me-t-lx1_firmware:3.1:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-8112-me-t-lx_firmware:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-8112-me-t-lx_firmware:3.1:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-8112a-me-t-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-8220-t-lx-s_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-8220-t-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-8220-t-lx-us-s_firmware:*:*:*:*:*:*:*:*
More vulnerabilities in Moxa Uc-2101-lx Firmware
- CVE-2023-1257 — High (CVSS 7.6): An attacker with physical access to the affected Moxa UC Series devices can initiate a restart of the device and gain…
- CVE-2022-3086 — High (CVSS 7.1): Cradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior are vulnerable to shell escape, which enables local attackers…
All CVEs affecting Moxa Uc-2101-lx Firmware →
Other CWE-250 vulnerabilities
- CVE-2026-4606 — Critical (CVSS 10.0): GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing…
- CVE-2022-2634 — Critical (CVSS 10.0): An attacker may be able to execute malicious actions due to the lack of device access protections and device…
- CVE-2026-48584 — Critical (CVSS 9.9): Execution with unnecessary privileges in Azure Synapse allows an authorized attacker to elevate privileges over a…
- CVE-2026-50566 — Critical (CVSS 9.9): Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and…
- CVE-2026-44477 — Critical (CVSS 9.9): CloudNativePG is a platform designed to manage PostgreSQL databases within Kubernetes environments. Prior to 1.29.1 and…
- CVE-2026-25212 — Critical (CVSS 9.9): An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser…