HOMEVULNERABILITIESCVE-2022-3088
HIGH

CVE-2022-3088

CWE-250Published: November 28, 2022· Updated: Jun 17, 2026

7.8
CVSS v3.1

Official Description

UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v 1.12, UC-3100 System Image: Versions v1.0 to v1.6, UC-5100 System Image: Versions v1.0 to v1.4, UC-8100 System Image: Versions v3.0 to v3.5, UC-8100-ME-T System Image: Versions v3.0 and v3.1, UC-8200 System Image: v1.0 to v1.5, AIG-300 System Image: v1.0 to v1.4, UC-8410A with Debian 9 System Image: Versions v4.0.2 and v4.1.2, UC-8580 with Debian 9 System Image: Versions v2.0 and v2.1, UC-8540 with Debian 9 System Image: Versions v2.0 and v2.1, and DA-662C-16-LX (GLB) System Image: Versions v1.0.2 to v1.1.2 of Moxa's ARM-based computers have an execution with unnecessary privileges vulnerability, which could allow an attacker with user-level privileges to gain root privileges.

NVD Source

Technical Analysis

CVE-2022-3088 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires low privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

A successful exploit results in complete confidentiality breach (data exposure), full integrity compromise (data manipulation), availability disruption (denial of service), with a CVSS base score of 7.8.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorLocal
Attack ComplexityLow
Privileges Req.Low
User InteractionNone
ScopeUnchanged
Impact
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Vendors & Products

Debian1 product(s)
debian linux
moxa128 product(s)
uc-2101-lx firmwareuc-2101-lxuc-2102-lx firmwareuc-2102-lxuc-2104-lx firmwareuc-2104-lxuc-2111-lx firmwareuc-2111-lxuc-2112-lx firmwareuc-2112-lxuc-2102-t-lx firmwareuc-2102-t-lx+116
Source: NVD CPE · 140 total CPE entries

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

Official Patches & Advisories

All References (2)

https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-05Third Party Advisory · US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-05Third Party Advisory · US Government Resource

Quick Facts

CVE IDCVE-2022-3088
CVSS Score7.8 / 10
SeverityHIGH
WeaknessCWE-250
CISA KEVNo
Affected2 vendor(s)
PublishedNov 28, 2022

Related CVEs (CWE-250)

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2022-3088 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.